Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-28054 PoC — TSMManager Collector 信息泄露漏洞

Source
https://github.com/VoidSec/Tivoli-Madness
Associated Vulnerability
Title:TSMManager Collector 信息泄露漏洞 (CVE-2020-28054)
Description:JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request.
Description
Advisory for CVE-2020-28054 & stack based buffer overflow in IBM Tivoli Storage Manager
Readme
# Tivoli-Madness
Advisory for:

+ CVE-2020-28054: An Authorization Bypass vulnerability affecting JamoDat – TSMManager Collector v. <= 6.5.0.21
+ A Stack Based Buffer Overflow affecting IBM Tivoli Storage Manager (Command Line Administrative Interface) Version 5, Release 2, Level 0.1. 

	Unfortunately, after I had one of the rudest encounters with an Hackerone’s triager, these are the takeaways: 
	+ IBM Tivoli Storage Manager has reached its end of life support and will not be patched.
	+ No CVE number was released.
	+ I cannot verify if this vulnerability is also affecting the newer IBM Spectrum Protect, so, good luck with that.

### You can read more on: [https://voidsec.com/tivoli-madness](https://voidsec.com/tivoli-madness)
File Snapshot

 [4.0K]  /data/pocs/0086a1df941aab6fcbd36af649ab1e389b60c8d2
├── [1.4K]  CreateProcessPoC.cpp
├── [4.0K]  IBM - ITSM Administrator Client
│   ├── [1.0M]  IBM_ITSM_Administrator_Client_v.5.2.0.1.zip
│   └── [7.2K]  IBM_TSM_v.5.2.0.1_exploit.py
├── [4.0K]  JamoDat - TSMManager
│   ├── [1.6K]  TSM_Client.py
│   ├── [ 13M]  TSMmgr_client_patched.exe
│   ├── [ 19M]  TSMMgr_Collector_v.6.3.exe
│   └── [7.1M]  TSMMgr_Viewer_v.6.3.exe
└── [ 741]  README.md

2 directories, 8 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →