What is the severity of CVE-2016-8998?

CVE-2016-8998 has a high severity rating due to its potential to allow arbitrary code execution on affected systems.

How do I fix CVE-2016-8998?

To fix CVE-2016-8998, update IBM Tivoli Storage Manager to a version that addresses this vulnerability, as recommended by IBM.

Which versions of IBM Tivoli Storage Manager are affected by CVE-2016-8998?

CVE-2016-8998 affects several versions of IBM Tivoli Storage Manager, specifically versions 7.1.x, including 7.1.1 to 7.1.7.

Who is impacted by CVE-2016-8998?

Authenticated users with TSM administrator privileges in the affected versions of IBM Tivoli Storage Manager are at risk from CVE-2016-8998.

What types of attacks can exploit CVE-2016-8998?

CVE-2016-8998 can be exploited through specially crafted SQL queries that lead to a buffer overflow, allowing attackers to execute arbitrary code.

Vulnerability/
CVE-2016-8998

high

7.2

CWE

119

24/2/2017

6/8/2024

CVE-2016-8998: Buffer Overflow

First published: Fri Feb 24 2017(Updated: )

IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Tivoli Storage Manager	=7.1.1
IBM Tivoli Storage Manager	=7.1.1.1
IBM Tivoli Storage Manager	=7.1.1.2
IBM Tivoli Storage Manager	=7.1.1.100
IBM Tivoli Storage Manager	=7.1.1.200
IBM Tivoli Storage Manager	=7.1.1.300
IBM Tivoli Storage Manager	=7.1.3
IBM Tivoli Storage Manager	=7.1.3.000
IBM Tivoli Storage Manager	=7.1.3.1
IBM Tivoli Storage Manager	=7.1.3.2
IBM Tivoli Storage Manager	=7.1.3.100
IBM Tivoli Storage Manager	=7.1.4
IBM Tivoli Storage Manager	=7.1.4.1
IBM Tivoli Storage Manager	=7.1.4.2
IBM Tivoli Storage Manager	=7.1.5
IBM Tivoli Storage Manager	=7.1.5.200
IBM Tivoli Storage Manager	=7.1.7

Remedy

http://www.ibm.com/support/docview.wss?uid=swg21998747

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-8998?
CVE-2016-8998 has a high severity rating due to its potential to allow arbitrary code execution on affected systems.
How do I fix CVE-2016-8998?
To fix CVE-2016-8998, update IBM Tivoli Storage Manager to a version that addresses this vulnerability, as recommended by IBM.
Which versions of IBM Tivoli Storage Manager are affected by CVE-2016-8998?
CVE-2016-8998 affects several versions of IBM Tivoli Storage Manager, specifically versions 7.1.x, including 7.1.1 to 7.1.7.
Who is impacted by CVE-2016-8998?
Authenticated users with TSM administrator privileges in the affected versions of IBM Tivoli Storage Manager are at risk from CVE-2016-8998.
What types of attacks can exploit CVE-2016-8998?
CVE-2016-8998 can be exploited through specially crafted SQL queries that lead to a buffer overflow, allowing attackers to execute arbitrary code.

agent/type
agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/weakness
agent/remedy
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm tivoli storage manager
version/ibm tivoli storage manager/7.1.1
version/ibm tivoli storage manager/7.1.1.1
version/ibm tivoli storage manager/7.1.1.2
version/ibm tivoli storage manager/7.1.1.100
version/ibm tivoli storage manager/7.1.1.200
version/ibm tivoli storage manager/7.1.1.300
version/ibm tivoli storage manager/7.1.3
version/ibm tivoli storage manager/7.1.3.000
version/ibm tivoli storage manager/7.1.3.1
version/ibm tivoli storage manager/7.1.3.2
version/ibm tivoli storage manager/7.1.3.100
version/ibm tivoli storage manager/7.1.4
version/ibm tivoli storage manager/7.1.4.1
version/ibm tivoli storage manager/7.1.4.2
version/ibm tivoli storage manager/7.1.5
version/ibm tivoli storage manager/7.1.5.200
version/ibm tivoli storage manager/7.1.7