Vulnerability CVE-2007-5022 - CERT Civis.Net

Vulnerability Name:

CVE-2007-5022 (CCN-36701)

Assigned:

2007-09-19

Published:

2007-09-19

Updated:

2018-10-26

Summary:

Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2, when using "server-initiated prompted scheduling," allows remote attackers to read a client's data, aka IC53616.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.3 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2007-5022

Source: OSVDB
Type: Broken Link
38162

Source: CCN
Type: SA26883
IBM Tivoli Storage Manager Client Information Disclosure and Buffer Overflow

Source: SECUNIA
Type: Third Party Advisory
26883

Source: CCN
Type: SECTRACK ID: 1018725
IBM Tivoli Storage Manager Bugs Lets Remote Users Execute Arbitrary Code and Access Client Data

Source: CCN
Type: IBM Security Bulletin 1268775
Two security vulnerabilities exist in the IBM Tivoli Storage Manager (TSM) client

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21268775

Source: AIXAPAR
Type: Vendor Advisory
IC53616

Source: CCN
Type: OSVDB ID: 38162
IBM Tivoli Storage Manager (TSM) Client Server-initiated Prompted Scheduling Unspecified Issue

Source: BID
Type: Patch, Third Party Advisory, VDB Entry
25743

Source: CCN
Type: BID-25743
IBM Tivoli Storage Manager Client Multiple Vulnerabilities

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1018725

Source: VUPEN
Type: Third Party Advisory
ADV-2007-3228

Source: XF
Type: Third Party Advisory, VDB Entry
ibm-tsm-server-unauthorized-access(36701)

Source: XF
Type: UNKNOWN
ibm-tsm-server-unauthorized-access(36701)

Source: CCN
Type: ZDI-07-054
IBM Tivoli Storage Manager Express CAD Service Buffer Overflow Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:tivoli_storage_manager_client:*:*:*:*:*:*:*:* (Version >= 5.1 and < 5.1.8.1)

OR cpe:/a:ibm:tivoli_storage_manager_client:*:*:*:*:*:*:*:* (Version >= 5.2 and < 5.2.5.2)

OR cpe:/a:ibm:tivoli_storage_manager_client:*:*:*:*:*:*:*:* (Version >= 5.3 and < 5.3.5.3)

OR cpe:/a:ibm:tivoli_storage_manager_client:*:*:*:*:*:*:*:* (Version >= 5.4 and < 5.4.1.2)

Configuration CCN 1:

cpe:/a:ibm:tivoli_storage_manager_client:5.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_storage_manager_client:5.1.8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_storage_manager_client:5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_storage_manager_client:5.2.5.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_storage_manager_client:5.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_storage_manager_client:5.3.5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_storage_manager_client:5.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_storage_manager_client:5.4.1.1:*:*:*:*:*:*:*

Denotes that component is vulnerable