Products
IBM Storage Protect for Virtual Environments: Data Protection for VMware
- 8.1.0.0 - 8.1.22.0
Source
psirt@us.ibm.com
CVE-2024-38329 details
Last Modified: June 19, 2024, 2:15 p.m.
Description
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permissions. By sending a specially crafted request, an attacker could exploit this vulnerability to change the product's settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994.
CVSS Score
7.7
Weakness
Weakness | Name | Description |
---|---|---|
CWE-285 | Improper Authorization | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
CVSS Data
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
Scope | CHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |
Base Score | 7.7 |
Exploitability Score | 3.1 |
Impact Score | 4.0 |
Base Severity | HIGH |
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
References
URL | Source |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/294994 | psirt@us.ibm.com |
https://www.ibm.com/support/pages/node/7157929 | psirt@us.ibm.com |