7.2
CVE-2010-4604
- EPSS 0.76%
- Published 29.12.2010 18:00:03
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.
Data is provided by the National Vulnerability Database (NVD)
Ibm ≫ Tivoli Storage Manager Version >= 5.3.0 <= 5.3.6.7
Ibm ≫ Tivoli Storage Manager Version >= 5.4.0 <= 5.4.3.3
Ibm ≫ Tivoli Storage Manager Version >= 5.5.0 <= 5.5.2.7
Ibm ≫ Tivoli Storage Manager Version >= 6.1.0 <= 6.1.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.76% | 0.724 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.