Description
JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request.
Exploits (1)
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://voidsec.com
Product x_refsource_misc
https://tsmmanager.com
Third Party Advisory x_refsource_misc
https://voidsec.com/tivoli-madness/
Scores
CVSS v3
7.5
EPSS
0.0116
EPSS Percentile
78.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (1)
tsmmanager/tsmmanager
< 6.5.0.21
Published
Nov 19, 2020
Tracked Since
Feb 18, 2026