Vulnerability Description
Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Tivoli Storage Manager Client | <= 5.3.5.3 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/27013Vendor Advisory
- http://secunia.com/secunia_research/2007-75/advisoryVendor Advisory
- http://www.securityfocus.com/bid/26221
- http://www.securitytracker.com/id?1018868
- http://www.vupen.com/english/advisories/2007/3635
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38125
- http://secunia.com/advisories/27013Vendor Advisory
- http://secunia.com/secunia_research/2007-75/advisoryVendor Advisory
- http://www.securityfocus.com/bid/26221
- http://www.securitytracker.com/id?1018868
- http://www.vupen.com/english/advisories/2007/3635
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38125
FAQ
What is CVE-2007-4348?
CVE-2007-4348 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML vi...
How severe is CVE-2007-4348?
CVE-2007-4348 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4348?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Tivoli Storage Manager Client.