PT-2021-11457 · IBM · IBM Tivoli Storage Manager

Voidsec · Published 2021-05-06 · Updated 2024-08-04 · CVE-2020-28198

CVSS v3.1: 7.0 High
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: IBM Tivoli Storage Manager Version 5 Release 2
Description: A stack buffer overflow can be exploited through the id parameter when it is used in interactive mode. Exploitation is limited by a maximum number of characters and is not possible in batch or command-line usage, for example through commands like dsmadmc.exe -id=username -password=pwd. The vulnerability affects products that are no longer supported by the maintainer.
Recommendations: For IBM Tivoli Storage Manager Version 5 Release 2, as a temporary workaround, consider restricting the use of the id parameter in interactive mode to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Weakness Enumeration

Related Identifiers: CVE-2020-28198

Affected Products: IBM Tivoli Storage Manager