Advisory for CVE-2020-28054 & stack based buffer overflow in IBM Tivoli Storage Manager

VoidSec/Tivoli-Madness

Tivoli-Madness

Advisory for:

  • CVE-2020-28054: An Authorization Bypass vulnerability affecting JamoDat – TSMManager Collector v. <= 6.5.0.21

  • A Stack Based Buffer Overflow affecting IBM Tivoli Storage Manager (Command Line Administrative Interface) Version 5, Release 2, Level 0.1.

    Unfortunately, after I had one of the rudest encounters with a HackerOne triager, these are the takeaways:

    • IBM Tivoli Storage Manager has reached its end of life support and will not be patched.
    • No CVE number was released.
    • I cannot verify if this vulnerability is also affecting the newer IBM Spectrum Protect, so, good luck with that.
