Buffer Overflow Vulnerability in IBM Tivoli Storage Manager Server
CVE-2016-8998

7.2HIGH

Key Information:

Vendor: IBM
Status: Tivoli Storage Manager
Vendor: CVE Published:; 24 February 2017

What is CVE-2016-8998?

IBM Tivoli Storage Manager Server 7.1 is susceptible to a buffer overflow vulnerability that can be exploited by an authenticated user with TSM administrator privileges. This vulnerability arises when a specially crafted SQL query is executed, potentially leading to arbitrary code execution on the server. It is crucial for organizations using this software to implement security patches and monitor their systems to mitigate the risks associated with this exploit.

Affected Version(s)

Tivoli Storage Manager 7.1

References

http://www.securityfocus.com/bid/96443

vdb-entryx_refsource_BID

http://www.ibm.com/support/docview.wss?uid=swg21998747

x_refsource_CONFIRM

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2017
Vulnerability Reserved
Oct 25, 2016