Vulnerability Details : CVE-2014-6184
Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors.
Vulnerability category: Overflow, Memory Corruption
Products affected by CVE-2014-6184
- cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-6184
0.04%: probability of exploitation activity in the next 30 days
~6%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-6184
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2014-6184
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-6184
- http://www-01.ibm.com/support/docview.wss?uid=swg21695878
  IBM Security Bulletin: Tivoli Storage Manager Stack-based Buffer Overflow Elevation of Privilege: CVE-2014-6184 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT05707
  IBM IT05707: TSM UNIX AND LINUX CLIENT LOCAL ESCALATION OF PRIVILEGE VULNERABILITY DUE TO STACK-BASED BUFFER OVERFLOW (Vendor Advisory)