{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T06:03:13.382","vulnerabilities":[{"cve":{"id":"CVE-2020-28198","sourceIdentifier":"cve@mitre.org","published":"2021-05-06T20:15:09.587","lastModified":"2024-11-21T05:22:27.827","vulnStatus":"Modified","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in \"interactive\" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer"},{"lang":"es","value":"** NO COMPATIBLE CUANDO SE ASIGNO ** El parámetro \"id\" de IBM Tivoli Storage Manager Versión 5 Release 2 (Interfaz Administrativa de Línea de Comandos, dsmadmc.exe) es vulnerable a un desbordamiento del búfer de la pila explotable. Nota: la vulnerabilidad puede ser explotada cuando es usado en modo \"interactive\" mientras que, debido a una limitación del número máximo de caracteres, no puede ser explotado en el uso por lotes o en la línea de comandos (por ejemplo, dsmadmc.exe -id=username -password=pwd) . NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:5.2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"335583D7-12D1-46BB-AC8A-8369B7E13D35"}]}]}],"references":[{"url":"https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}