CVE-2007-4348

Name of the Vulnerable Software and Affected Versions IBM Tivoli Storage Manager (TSM) Client versions 5.3.5.3 and 5.4.1.2

Description A cross-site scripting (XSS) issue exists in the CAD service of the IBM Tivoli Storage Manager (TSM) Client, allowing remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581. This results in the generation of log entries in the dsmerror.log file, which can be accessed through a specific web interface.

Recommendations For version 5.3.5.3, update to a version that addresses this issue. For version 5.4.1.2, update to a version that addresses this issue. As a temporary workaround, consider restricting access to the CAD service and the dsmerror.log file to minimize the risk of exploitation.