IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass

CVE-2024-38329

7.7HIGH

Key Information

Vendor: IBM
Status: Storage Protect For Virtual Environments: Data Protection For Vmware
Vendor: Published:; 19 June 2024

Summary

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994.

Affected Version(s)

Storage Protect for Virtual Environments: Data Protection for VMware <= 8.1.22.0

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

NONE

Integrity:

HIGH

Availability:

NONE

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

CHANGED

Timeline

Vulnerability published.
Jun 19, 2024
Vulnerability Reserved.
Jun 13, 2024

Collectors

NVD DatabaseMitre Database