Vulnerability CVE-2014-6184


Published: 2015-02-21   Modified: 2015-02-22

Description:
Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: IBM
Product: Tivoli storage manager 
Version:
6.3
6.2
6.1
5.5
5.4
Product: AIX 
Vendor: Apple
Product: Mac os x 
Vendor: HP
Product: Hp-ux 
Vendor: Linux
Product: Linux kernel 
Vendor: Oracle
Product: Solaris 

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www-01.ibm.com/support/docview.wss?uid=swg21695878
http://www-01.ibm.com/support/docview.wss?uid=swg1IT05707

Related CVE
CVE-2017-10269
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network a...
CVE-2017-10272
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows low privileged attacker with network ac...
CVE-2017-10278
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with net...
CVE-2017-10266
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network a...
CVE-2017-10267
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network a...
CVE-2017-10151
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.2.3 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated atta...
CVE-2017-3588
Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: HA for MySQL). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the...
CVE-2017-3446
Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability all...

Copyright 2018, cxsecurity.com

 

Back to Top