RCE in IBM Tivoli Storage Manager FastBack

CVE-2015-1986

The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1938.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.250 (96.3rd percentile)

References

  • 1032773 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
  • psirt@us.ibm.com (VDB Entry, Third Party Advisory, x_refsource_MISC)
  • 75461 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
  • psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2015-1986?
CVE-2015-1986 is a vulnerability in IBM Tivoli Storage Manager FastBack, classified under Command Injection. It was published on 2015-06-30.
Is CVE-2015-1986 known to be exploited?
Two public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.