CVE-2009-1520

Name of the Vulnerable Software and Affected Versions: IBM Tivoli Storage Manager (TSM) client versions 5.1.0.0 through 5.1.8.2 IBM Tivoli Storage Manager (TSM) client versions 5.2.0.0 through 5.2.5.3 IBM Tivoli Storage Manager (TSM) client versions 5.3.0.0 through 5.3.6.4 IBM Tivoli Storage Manager (TSM) client versions 5.4.0.0 through 5.4.2.6 IBM Tivoli Storage Manager (TSM) client versions 5.5.0.0 through 5.5.1.17

Description: The issue is related to a buffer overflow in the Web GUI of the IBM Tivoli Storage Manager (TSM) client. This allows attackers to cause a denial of service, resulting in an application crash, or execute arbitrary code via unspecified vectors.

Recommendations: For versions 5.1.0.0 through 5.1.8.2, update to a version outside of this range to resolve the issue. For versions 5.2.0.0 through 5.2.5.3, update to a version outside of this range to resolve the issue. For versions 5.3.0.0 through 5.3.6.4, update to a version outside of this range to resolve the issue. For versions 5.4.0.0 through 5.4.2.6, update to a version outside of this range to resolve the issue. For versions 5.5.0.0 through 5.5.1.17, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the Web GUI to minimize the risk of exploitation.