CVE-2015-1949 : The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary command

The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM privileges via unspecified vectors.

Published 2015-06-30 15:59:10

Updated 2016-12-28 02:59:06

Source IBM Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2015-1949

Probability of exploitation activity in the next 30 days: 95.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-1949

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2015-1949

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-1949

http://www.zerodayinitiative.com/advisories/ZDI-15-271

ZDI-15-271 | Zero Day Initiative
http://www.securitytracker.com/id/1032773

IBM Tivoli Storage Manager FastBack Multiple Flaws Let Remote Users Deny Service and Execute Arbitrary Code - SecurityTracker

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21959398

IBM Security Bulletin: Multiple Security Vulnerabilities in IBM Tivoli Storage Manager FastBack
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/75459

IBM Tivoli Storage Manager FastBack CVE-2015-1949 Remote Command Injection Vulnerability

Products affected by CVE-2015-1949

IBM » Tivoli Storage Manager Fastback » Version: 6.1.0.0
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Tivoli Storage Manager Fastback » Version: 6.1.11.0
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.11.0:*:*:*:*:*:*:*
Matching versions
IBM » Tivoli Storage Manager Fastback » Version: 6.1.8.0
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.8.0:*:*:*:*:*:*:*
Matching versions
IBM » Tivoli Storage Manager Fastback » Version: 6.1.1.0
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.1.0:*:*:*:*:*:*:*
Matching versions
IBM » Tivoli Storage Manager Fastback » Version: 6.1.10.0
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.10.0:*:*:*:*:*:*:*
Matching versions
IBM » Tivoli Storage Manager Fastback » Version: 6.1.10.1
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.10.1:*:*:*:*:*:*:*
Matching versions
IBM » Tivoli Storage Manager Fastback » Version: 6.1.9.0
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.9.0:*:*:*:*:*:*:*
Matching versions
IBM » Tivoli Storage Manager Fastback » Version: 6.1.9.1
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.9.1:*:*:*:*:*:*:*
Matching versions
IBM » Tivoli Storage Manager Fastback » Version: 6.1.7.2
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.7.2:*:*:*:*:*:*:*
Matching versions
IBM » Tivoli Storage Manager Fastback » Version: 6.1.8.1
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.8.1:*:*:*:*:*:*:*
Matching versions
IBM » Tivoli Storage Manager Fastback » Version: 6.1.11.1
cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.11.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-1949

Exploit prediction scoring system (EPSS) score for CVE-2015-1949

CVSS scores for CVE-2015-1949

CWE ids for CVE-2015-1949

References for CVE-2015-1949

Products affected by CVE-2015-1949