An attacker can force IBM Tivoli Storage Manager FastBack Server to write arbitrary data to an arbitrary file under the privilege of SYSTEM.
CVEID: CVE-2015-1942**
DESCRIPTION:** IBM Tivoli Storage Manager FastBack could allow a remote attacker to write and execute a file on the system by sending a specially crafted packet to a specific TCP port.
CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103137> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
IBM Tivoli Storage Manager FastBack Server 6.1.11.1 and earlier
_FastBack Release _
| First FixingVRMF Level| Platfom| APAR| Link to fix
—|—|—|—|—
6.1 | 6.1.12| Windows| None| <http://www-933.ibm.com/support/fixcentral/swg/selectFix?product=ibm%2FTivoli%2FIBM+Tivoli+Storage+Manager+FastBack>
none