Vulnerabilities > IBM > Tivoli Storage Manager Fastback > 5.5.6.0

DATE CVE VULNERABILITY TITLE RISK
2015-04-06 CVE-2015-0119 Improper Access Control vulnerability in IBM Tivoli Storage Manager Fastback
FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port.
network
low complexity
ibm CWE-284
7.5
7.5
2010-10-05 CVE-2010-3761 Code Injection vulnerability in IBM Tivoli Storage Manager Fastback
Unspecified vulnerability in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-700.
network
low complexity
ibm CWE-94
critical
 10.0
10
2010-10-05 CVE-2010-3760 Resource Management Errors vulnerability in IBM Tivoli Storage Manager Fastback
FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly handle a certain failure to allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash, and recovery failure) by specifying a large size value within TCP packet data.
network
low complexity
ibm CWE-399
7.8
7.8
2010-10-05 CVE-2010-3759 Code Injection vulnerability in IBM Tivoli Storage Manager Fastback
FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 writes a certain value to a memory location specified by a UDP packet field, which allows remote attackers to execute arbitrary code via multiple requests.
network
low complexity
ibm CWE-94
critical
 10.0
10
2010-10-05 CVE-2010-3758 Code Injection vulnerability in IBM Tivoli Storage Manager Fastback
Multiple stack-based buffer overflows in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allow remote attackers to execute arbitrary code via vectors involving the (1) AGI_SendToLog (aka _SendToLog) function; the (2) group, (3) workgroup, or (4) domain name field to the USER_S_AddADGroup function; the (5) user_path variable to the FXCLI_checkIndexDBLocation function; or (6) the _AGI_S_ActivateLTScriptReply (aka ActivateLTScriptReply) function.
network
low complexity
ibm CWE-94
critical
 10.0
10
2010-10-05 CVE-2010-3757 OS Command Injection vulnerability in IBM Tivoli Storage Manager Fastback
Format string vulnerability in the _Eventlog function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via format string specifiers located after a | (pipe) character in a string.
network
low complexity
ibm CWE-78
critical
 10.0
10
2010-10-05 CVE-2010-3756 Improper Input Validation vulnerability in IBM Tivoli Storage Manager Fastback
The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate an unspecified length value, which allows remote attackers to cause a denial of service (daemon crash) by sending data over TCP.
network
low complexity
ibm CWE-20
5.0
5.0
2010-10-05 CVE-2010-3755 Resource Management Errors vulnerability in IBM Tivoli Storage Manager Fastback
The _DAS_ReadBlockReply function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via data in a TCP packet.
network
low complexity
ibm CWE-399
5.0
5.0
2010-10-05 CVE-2010-3754 OS Command Injection vulnerability in IBM Tivoli Storage Manager Fastback
The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to memory, which allows remote attackers to execute arbitrary code via a crafted packet.
network
low complexity
ibm CWE-78
critical
 10.0
10
2010-08-20 CVE-2010-3061 Remote Code Execution and Denial of Service vulnerability in IBM Tivoli Storage Manager FastBack
Unspecified vulnerability in the message-protocol implementation in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (recovery failure), and possibly trigger loss of data, via unknown vectors.
network
low complexity
ibm
5.0
5.0