Lucene search

K

[email protected]NVD:CVE-2007-4880

HistorySep 28, 2007 - 12:17 a.m.

CVE-2007-4880

2007-09-2800:17:00

CWE-119

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.967 High

EPSS

Percentile

99.7%

Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905.

Affected configurations

NVD

Node

ibmtivoli_storage_manager_clientMatch5.1

OR

ibmtivoli_storage_manager_clientMatch5.1.8.0

OR

ibmtivoli_storage_manager_clientMatch5.2

OR

ibmtivoli_storage_manager_clientMatch5.2.5.1

OR

ibmtivoli_storage_manager_clientMatch5.3

OR

ibmtivoli_storage_manager_clientMatch5.3.5.2

OR

ibmtivoli_storage_manager_clientMatch5.4

OR

ibmtivoli_storage_manager_clientMatch5.4.1.1

References

osvdb.org/38161

secunia.com/advisories/26883

securityreason.com/securityalert/3184

www-1.ibm.com/support/docview.wss?uid=swg21268775

www-1.ibm.com/support/search.wss?rs=0&q=IC52905&apar=only

www.securityfocus.com/archive/1/480492

www.securityfocus.com/bid/25743

www.securitytracker.com/id?1018725

www.vupen.com/english/advisories/2007/3228

www.zerodayinitiative.com/advisories/ZDI-07-054.html

exchange.xforce.ibmcloud.com/vulnerabilities/36700

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.967 High

EPSS

Percentile

99.7%

Related for NVD:CVE-2007-4880

cve2 packetstorm2 saint4 cvelist1 canvas1 securityvulns2 prion2 zdi1 checkpoint_advisories1 nessus1 nvd1