CVE-2020-28198: 
IBM Tivoli Storage Manager vulnerability analysis and mitigation

The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. The vulnerability can be exploited when used in 'interactive' mode, while due to a character limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). This vulnerability affects products that are no longer supported by the maintainer (NVD).

The vulnerability is a stack-based buffer overflow in the 'id' parameter with an offset of 68 bytes to control EIP. The application has ASLR and DEP enabled but SafeSEH is disabled. The vulnerability can be triggered by providing sufficient characters in the 'id' field during interactive authentication, leading to a controlled crash. Bad characters that must be avoided include \x00\x08\x09\x0a\x0d\x1a\x1b\x7f (VoidSec, Exploit).

A successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with the privileges of the application. Since the application typically runs with elevated privileges, this could lead to complete system compromise (NVD).

As this vulnerability affects an unsupported version of the software, there are no official patches available. Organizations still using this version should migrate to a supported version of the product or implement network segmentation and access controls to limit exposure (NVD).