Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2007-4348
Last Modified 07 Mar 2011 09:58:24
Published 30 Oct 2007 03:46:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4348

Summary

Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface.

Vulnerable Systems

Application

  • IBM Tivoli Storage Manager Client 5.3.5.3

  • IBM Tivoli Storage Manager Client 5.4.1.2


References

VUPEN - ADV-2007-3635

MISC - http://secunia.com/secunia_research/2007-75/advisory

SECUNIA - 27013

XF - ibm-tsm-cad-xss(38125)

SECTRACK - 1018868

BID - 26221


Last Updated: 27 May 2016 10:45:50