Cross-site Scripting Vulnerability in IBM Tivoli Storage Manager Client
CVE-2007-4348
Currently unrated
Summary
The Tivoli Storage Manager (TSM) Client for Windows is vulnerable to a cross-site scripting (XSS) issue in its CAD service. An attacker can exploit it by sending crafted HTTP requests to port 1581 that inject arbitrary web script or HTML. The crafted request generates entries in dsmerror.log, and because that log is exposed through the web interface, this can compromise system integrity and user data.