CVE Vulnerability

CVE-2007-4348

Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://secunia.com/secunia_research/2007-75/advisory Vendor Advisory
http://secunia.com/advisories/27013 Vendor Advisory
http://www.securityfocus.com/bid/26221
http://www.securitytracker.com/id?1018868
http://www.vupen.com/english/advisories/2007/3635
https://exchange.xforce.ibmcloud.com/vulnerabilities/38125
Configurations

Configuration 1

cpe:2.3:a:ibm:tivoli_storage_manager_client:*:*:windows:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_client:*:*:windows:*:*:*:*:*
Information

Published : 2007-10-30 07:46

Updated : 2017-07-29 01:32

NVD link : CVE-2007-4348

Mitre link : CVE-2007-4348

Products Affected
No products.
CWE
CWE-79