7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
The IBM Tivoli Storage Manager FastBack mount process is vulnerable to a stack-based buffer overflow. A local or network attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.
CVEID: CVE-2015-1898**
DESCRIPTION:** IBM Tivoli Storage Manager is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by FastBackMount process. An attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the server to crash.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101633> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
IBM Tivoli Storage Manager FastBack Mount 6.1.11 and earlier.
_FastBack Release _
| First Fixing
VRMF Level| Platfom| APAR| Link to fix
—|—|—|—|—
6.1 | 6.1.11.1| Windows| None| http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Tivoli+Storage+Manager+FastBack&fixids=6.1.11.1-TIV-TSMFB-FP001&source=SAR
None.