Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4348


Vulnerability Score 4.3 4.3
CVE Id CVE-2007-4348
Last Modified 07 Mar 2011 09:58:24
Published 30 Oct 2007 03:46:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client and for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface.

Vulnerable Systems


  • Ibm Tivoli Storage Manager Client

  • Ibm Tivoli Storage Manager Client


VUPEN - ADV-2007-3635


SECUNIA - 27013

XF - ibm-tsm-cad-xss(38125)

SECTRACK - 1018868

BID - 26221

Last Updated: 27 May 2016 10:45:50