CVE-2007-4348

IBM TSM Client <5.4.1.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface.

References (6)

[Vendor Advisory] http://secunia.com/advisories/27013

[Vendor Advisory] http://secunia.com/secunia_research/2007-75/advisory

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/38125

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26221

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018868

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3635

Scores

EPSS 0.0050

EPSS Percentile 65.4%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

ibm/tivoli_storage_manager_client < 5.3.5.3

Timeline

Published Oct 30, 2007

Tracked Since Feb 18, 2026