CVE-2016-5934

7.3HIGH

Key Information:

Vendor: IBM
Status: Tivoli Storage Manager Fastback
Vendor: CVE Published:; 8 February 2017

Summary

IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the system with privileges of the victim.

Affected Version(s)

Tivoli Storage Manager FastBack 5.5

Tivoli Storage Manager FastBack 6.1

Tivoli Storage Manager FastBack 5.5.0

References

http://www.securityfocus.com/bid/92614

vdb-entryx_refsource_BID

http://www.ibm.com/support/docview.wss?uid=swg21988908

x_refsource_CONFIRM

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 8, 2017
Vulnerability Reserved
Jun 29, 2016