Stack Buffer Overflow in IBM Tivoli Storage Manager Command Line Interface
CVE-2020-28198

7HIGH

Key Information:

Vendor: IBM
Status: Tivoli Storage Manager
Vendor: CVE Published:; 6 May 2021

What is CVE-2020-28198?

The 'id' parameter of IBM Tivoli Storage Manager's Command Line Administrative Interface (dsmadmc.exe) is susceptible to an exploitable stack buffer overflow. This can occur specifically during its interactive mode. Notably, due to a character limitation, exploitation is not possible in batch or command-line usage. It is important to note that this vulnerability affects versions of the product that are no longer supported by IBM.

References

https://github.com/VoidSec/Exploit-Development/blob/maste...

x_refsource_MISC

https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Ma...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2021
Vulnerability Reserved
Nov 4, 2020