CVE-2015-4951

Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ibmtivoli_storage_manager
5.5
ibmtivoli_storage_manager
6.1
ibmtivoli_storage_manager
6.2
ibmtivoli_storage_manager
6.3
ibmtivoli_storage_manager
6.4
ibmtivoli_storage_manager
7.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21973484
http://www.securitytracker.com/id/1034692
http://www-01.ibm.com/support/docview.wss?uid=swg21973484
http://www.securitytracker.com/id/1034692