CVE-2015-4951

Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL.

Published: Jan 20, 2016
Updated: Apr 13, 2023
CVE: CVE-2015-4951
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
ibm / tivoli_storage_manager	6.3	6.3.x
ibm / tivoli_storage_manager	6.1	6.1.x
ibm / tivoli_storage_manager	6.2	6.2.x
ibm / tivoli_storage_manager	6.4	6.4.x
ibm / tivoli_storage_manager	5.5	5.5.x
ibm / tivoli_storage_manager	7.1	7.1.x

http://www-01.ibm.com/support/docview.wss?uid=swg21973484
http://www.securitytracker.com/id/1034692

Vulnerability Database

CVE-2015-4951