Jun 17, 2018 - 3:27 p.m.

Security Bulletin: IBM Tivoli Storage Manager FastBack Demo package on the Web Potential DLL Loading Code Execution Vulnerability (CVE-2016-5934)

2018-06-17 15:27:47
www.ibm.com
7

EPSS: 0.003 (Percentile: 70.8%)

Summary

IBM Tivoli Storage Manager FastBack Demo package on the Web contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system.

Vulnerability Details

CVEID: CVE-2016-5934
DESCRIPTION: IBM Tivoli Storage Manager FastBack Demo package on the web could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim’s path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the system with privileges of the victim.
CVSS Base Score: 7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115819 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

FastBack Demo package on the Web page (option 4)

https://www.ibm.com/marketing/iwm/tnd/featured.jsp?pgel=featdnld

Remediation/Fixes

| FastBack | Platform | Link to fix |
|---|---|---|
| FastBack Demo package on the Web | Windows | The affected FastBack demo was removed from the following web page: https://www.ibm.com/marketing/iwm/tnd/featured.jsp?pgel=featdnld |

Workarounds and Mitigations

None
