Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ibm | First view | 2015-06-30 |
| Product | Tivoli Storage Manager Fastback | Last view | 2016-04-05 |
| Version | 6.1.11.1 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:ibm:tivoli_storage_manager_fastback | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2016-04-05 | CVE-2015-8523 | The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port. |
| 9.8 | 2016-04-05 | CVE-2015-8522 | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8521. |
| 9.8 | 2016-04-05 | CVE-2015-8521 | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522. |
| 9.8 | 2016-04-05 | CVE-2015-8520 | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8521, and CVE-2015-8522. |
| 9.8 | 2016-04-05 | CVE-2015-8519 | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8520, CVE-2015-8521, and CVE-2015-8522. |
| 9.8 | 2016-02-29 | CVE-2016-0216 | Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0213. |
| 9.8 | 2016-02-29 | CVE-2016-0213 | Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0216. |
| 9.8 | 2016-02-29 | CVE-2016-0212 | Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0213 and CVE-2016-0216. |
| 10 | 2015-08-03 | CVE-2015-4935 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4934. |
| 10 | 2015-08-03 | CVE-2015-4934 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4935. |
| 10 | 2015-08-03 | CVE-2015-4933 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4934, and CVE-2015-4935. |
| 10 | 2015-08-03 | CVE-2015-4932 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4933, CVE-2015-4934, and CVE-2015-4935. |
| 10 | 2015-08-03 | CVE-2015-4931 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4932, CVE-2015-4933, CVE-2015-4934, and CVE-2015-4935. |
| 10 | 2015-06-30 | CVE-2015-1986 | The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1938. |
| 7.8 | 2015-06-30 | CVE-2015-1965 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, and CVE-2015-1964. |
| 7.8 | 2015-06-30 | CVE-2015-1964 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, and CVE-2015-1965. |
| 7.8 | 2015-06-30 | CVE-2015-1963 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1964, and CVE-2015-1965. |
| 7.8 | 2015-06-30 | CVE-2015-1962 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965. |
| 7.8 | 2015-06-30 | CVE-2015-1954 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965. |
| 7.8 | 2015-06-30 | CVE-2015-1953 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965. |
| 10 | 2015-06-30 | CVE-2015-1949 | The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM privileges via unspecified vectors. |
| 7.8 | 2015-06-30 | CVE-2015-1948 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965. |
| 9.3 | 2015-06-30 | CVE-2015-1942 | The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to write to arbitrary files, and subsequently execute these files, via a crafted TCP packet to an unspecified port. |
| 7.8 | 2015-06-30 | CVE-2015-1941 | The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to read arbitrary files via a crafted TCP packet to an unspecified port. |
| 10 | 2015-06-30 | CVE-2015-1938 | The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1986. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 80% (24) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 10% (3) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma... |
| 3% (1) | CWE-284 | Access Control (Authorization) Issues |
| 3% (1) | CWE-200 | Information Exposure |
| 3% (1) | CWE-20 | Improper Input Validation |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-B-0095 | Multiple Security Vulnerabilities in IBM Tivoli Storage Manager FastBack Severity: Category I - VMSKEY: V0061283 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-11-21 | IBM Tivoli Storage Manager FastBack command injection attempt RuleID : 44634 - Type : SERVER-OTHER - Revision : 2 |
| 2017-04-06 | IBM Tivoli Storage Manager Fastback buffer overflow attempt RuleID : 41802 - Type : SERVER-OTHER - Revision : 2 |
| 2017-04-06 | IBM Tivoli Storage Manager Fastback buffer overflow attempt RuleID : 41801 - Type : SERVER-OTHER - Revision : 2 |
| 2017-04-06 | IBM Tivoli Storage Manager Fastback buffer overflow attempt RuleID : 41800 - Type : SERVER-OTHER - Revision : 2 |
| 2017-04-06 | IBM Tivoli Storage Manager Fastback buffer overflow attempt RuleID : 41799 - Type : SERVER-OTHER - Revision : 2 |
| 2017-02-21 | IBM Tivoli Storage Manager FastBack server denial of service attempt RuleID : 41366 - Type : SERVER-OTHER - Revision : 1 |
| 2016-12-20 | IBM Tivoli Storage Manager FastBack directory traversal attempt RuleID : 40766 - Type : SERVER-OTHER - Revision : 2 |
| 2016-11-11 | IBM Tivoli Storage Manager FastBack opcode 4115 remote code execution attempt RuleID : 40422 - Type : SERVER-OTHER - Revision : 2 |
| 2016-11-08 | IBM Tivoli Storage Manager FastBack opcode 1301 remote code execution attempt RuleID : 40358 - Type : SERVER-OTHER - Revision : 2 |
| 2016-09-27 | IBM Tivoli Storage Manager FastBack command injection attempt RuleID : 39924 - Type : SERVER-OTHER - Revision : 2 |
| 2016-04-19 | IBM Tivoli Storage Manager FastBack Server opcode 1329 buffer overflow attempt RuleID : 38248 - Type : SERVER-OTHER - Revision : 1 |
| 2016-03-14 | IBM Tivoli Storage Manager FastBack Server buffer overflow attempt RuleID : 36823 - Type : SERVER-OTHER - Revision : 3 |
| 2016-03-14 | IBM Tivoli Storage Manager FastBack Server opcode 1332 buffer overflow attempt RuleID : 36463 - Type : SERVER-OTHER - Revision : 3 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-06-07 | Name: A remote backup service is affected by an information disclosure vulnerability. File: ibm_tsm_fastback_server_opcode_1329_info_disclosure.nasl - Type: ACT_ATTACK |
| 2016-03-09 | Name: The remote backup service is affected by multiple vulnerabilities. File: ibm_tsm_fastback_server_6_1_12_2.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote backup service is affected by multiple vulnerabilities. File: ibm_tsm_fastback_server_5_5.nasl - Type: ACT_GATHER_INFO |
| 2016-02-18 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-2903-1.nasl - Type: ACT_GATHER_INFO |
| 2015-08-06 | Name: The remote backup service is affected by multiple vulnerabilities. File: ibm_tsm_fastback_server_6_1_12_1.nasl - Type: ACT_GATHER_INFO |
| 2015-07-07 | Name: The remote backup service is affected by multiple vulnerabilities. File: ibm_tsm_fastback_server_6_1_12.nasl - Type: ACT_GATHER_INFO |
