Ibm Tivoli Storage Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Tivoli Storage Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (49)
CVE-2009-1178 — CVSS 10.0 (critical): Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and…
CVE-2006-5855 — CVSS 10.0 (critical): Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial…
CVE-2008-4563 — CVSS 10.0 (critical): Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager…
CVE-2009-3854 — CVSS 10.0 (critical): Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before…
CVE-2016-8937 — CVSS 9.8 (critical): The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due…
CVE-2009-3853 — CVSS 9.3 (critical): Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before…
CVE-2009-3855 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli…
CVE-2016-8940 — CVSS 8.8 (high): IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As…
CVE-2016-6045 — CVSS 8.8 (high): IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious…
CVE-2017-1378 — CVSS 7.8 (high): IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the…
CVE-2016-5985 — CVSS 7.8 (high): The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A…
CVE-2002-0541 — CVSS 7.5 (high): Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and…
CVE-2006-6309 — CVSS 7.5 (high): Multiple array index errors in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to read…
CVE-2010-4606 — CVSS 7.5 (high): Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage…
CVE-2014-6185 — CVSS 7.2 (high): dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly…
CVE-2010-4604 — CVSS 7.2 (high): Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive…
CVE-2016-8998 — CVSS 7.2 (high): IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using…
CVE-2011-1222 — CVSS 7.2 (high): Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4…
CVE-2011-1223 — CVSS 7.2 (high): Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage…
CVE-2013-2964 — CVSS 7.2 (high): Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0…
CVE-2015-4927 — CVSS 7.2 (high): The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux…
CVE-2014-6184 — CVSS 7.2 (high): Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1…
CVE-2020-28198 — CVSS 7.0 (high): The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to…
CVE-2016-6043 — CVSS 7.0 (high): Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not…
CVE-2014-4813 — CVSS 6.9 (medium): Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6…
CVE-2010-4605 — CVSS 6.6 (medium): Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4…
CVE-2016-6110 — CVSS 6.5 (medium): IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
CVE-2018-1550 — CVSS 6.2 (medium): IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of…
CVE-2016-8939 — CVSS 5.5 (medium): IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner…
CVE-2017-1301 — CVSS 5.5 (medium): IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client…
CVE-2016-0371 — CVSS 5.5 (medium): The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.
CVE-2016-8916 — CVSS 5.5 (medium): IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set…
CVE-2016-6046 — CVSS 5.4 (medium): IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2015-4951 — CVSS 5.3 (medium): Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before…
CVE-2018-1786 — CVSS 5.3 (medium): IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause…
CVE-2013-0472 — CVSS 5.1 (medium): The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers…
CVE-2017-1339 — CVSS 4.4 (medium): IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator…
CVE-2004-2762 — CVSS 4.3 (medium): The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x…
CVE-2016-6044 — CVSS 4.3 (medium): IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which…
CVE-2013-0471 — CVSS 4.3 (medium): The traditional scheduler in the client in IBM Tivoli Storage Manager (TSM) before 6.2.5.0, 6.3 before 6.3.1.0, and 6.4 before 6.4.0.1…
CVE-2015-7408 — CVSS 3.7 (low): The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict…
CVE-2003-1570 — CVSS 3.5 (low): The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the…
CVE-2013-6335 — CVSS 3.3 (low): The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x…
CVE-2016-2894 — CVSS 2.5 (low): IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows…
CVE-2014-4818 — CVSS 2.1 (low): dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to…
CVE-2014-0876 — CVSS 2.1 (low): Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager…
CVE-2013-5371 — CVSS 2.1 (low): The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS)…
CVE-2014-4817 — CVSS 2.1 (low): The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass…
CVE-2014-6195 — CVSS 1.9 (low): The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on…