CVE-2007-4348

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Storage Manager Client
Vendor: CVE Published:; 30 October 2007

Summary

Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface.

References

http://www.vupen.com/english/advisories/2007/3635

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/38125

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/26221

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Oct 30, 2007
Vulnerability Reserved
Aug 14, 2007