Wei Gao

**Name of the Vulnerable Software and Affected Versions** IBM SPSS Statistics versions 19 through 20 before 20.0.0.2-IF0008 IBM SPSS Statistics version 21 before 21.0.0.2-IF0010 IBM SPSS Statistics version 22 before 22.0.0.2-IF0011 IBM SPSS Statistics version 23 before 23.0.0.3-IF0001 IBM SPSS Statistics version 24 before 24.0.0.0-IF0003 **Description** The issue is a stack-based buffer overflow in the Initialize function in an ActiveX control. This allows remote authenticated users to execute arbitrary code via a long argument. **Recommendations** For IBM SPSS Statistics version 19, update to version 20.0.0.2-IF0008 or later. For IBM SPSS Statistics version 20 before 20.0.0.2-IF0008, update to version 20.0.0.2-IF0008 or later. For IBM SPSS Statistics version 21 before 21.0.0.2-IF0010, update to version 21.0.0.2-IF0010 or later. For IBM SPSS Statistics version 22 before 22.0.0.2-IF0011, update to version 22.0.0.2-IF0011 or later. For IBM SPSS Statistics version 23 before 23.0.0.3-IF0001, update to version 23.0.0.3-IF0001 or later. For IBM SPSS Statistics version 24 before 24.0.0.0-IF0003, update to version 24.0.0.0-IF0003 or later.

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Storage Manager FastBack versions 5.5.x through 6.1.12.1 IBM Tivoli Storage Manager FastBack version 6.x before 6.1.12.2 **Description** The issue is related to inadequate access control in the server component, allowing remote attackers to cause a denial of service (service crash) by sending crafted packets to a TCP port. **Recommendations** For IBM Tivoli Storage Manager FastBack versions 5.5.x through 6.1.12.1, update to version 6.1.12.2 or later. For IBM Tivoli Storage Manager FastBack version 6.x before 6.1.12.2, update to version 6.1.12.2 or later.

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Storage Manager FastBack (affected versions not specified) **Description** The issue is caused by a buffer overflow. It may allow a remote attacker to execute arbitrary code using a specially crafted command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Storage Manager FastBack (affected versions not specified) **Description** The issue is caused by a buffer overflow. It may allow a remote attacker to execute arbitrary code using a specially crafted command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Storage Manager FastBack (affected versions not specified) **Description** The issue is caused by a buffer overflow. It may allow a remote attacker to execute arbitrary code using a specially crafted command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Storage Manager FastBack (affected versions not specified) **Description** The issue is caused by a buffer overflow. It may allow a remote attacker to execute arbitrary code using a specially crafted command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.