https://github.com/voidsec/tivoli-madness

Advisory for CVE-2020-28054 & stack based buffer overflow in IBM Tivoli Storage Manager
https://github.com/voidsec/tivoli-madness

authorization-bypass buffer-overflow exploit ibm jamodat tivoli voidsec

Last synced: about 1 month ago
JSON representation

Advisory for CVE-2020-28054 & stack based buffer overflow in IBM Tivoli Storage Manager

Host: GitHub
URL: https://github.com/voidsec/tivoli-madness
Owner: VoidSec
Created: 2020-11-16T09:27:33.000Z (over 4 years ago)
Default Branch: main
Last Pushed: 2020-11-18T12:55:55.000Z (over 4 years ago)
Last Synced: 2025-03-23T22:38:01.168Z (about 2 months ago)
Topics: authorization-bypass, buffer-overflow, exploit, ibm, jamodat, tivoli, voidsec
Language: Python
Homepage: https://voidsec.com/tivoli-madness
Size: 31.7 MB
Stars: 7
Watchers: 2
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Tivoli-Madness
Advisory for:

+ CVE-2020-28054: An Authorization Bypass vulnerability affecting JamoDat – TSMManager Collector v. <= 6.5.0.21
+ A Stack Based Buffer Overflow affecting IBM Tivoli Storage Manager (Command Line Administrative Interface) Version 5, Release 2, Level 0.1.

Unfortunately, after I had one of the rudest encounters with an Hackerone’s triager, these are the takeaways:
+ IBM Tivoli Storage Manager has reached its end of life support and will not be patched.
+ No CVE number was released.
+ I cannot verify if this vulnerability is also affecting the newer IBM Spectrum Protect, so, good luck with that.

### You can read more on: [https://voidsec.com/tivoli-madness](https://voidsec.com/tivoli-madness)

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/voidsec/tivoli-madness

Awesome Lists containing this project

README