IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass
CVE-2024-38329
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 19 June 2024
Summary
IBM Storage Protect for Virtual Environments, specifically versions 8.1.0.0 through 8.1.22.0, is susceptible to a security vulnerability that may allow remote authenticated attackers to bypass critical security restrictions. This flaw arises from the inadequate validation of user permissions. A malicious actor could exploit this vulnerability through specially crafted requests. Potential consequences include unauthorized modifications of configuration settings, initiating or restoring backups, and the deletion of all historical backups via log rotation. This vulnerability poses significant risks to data integrity and recovery processes.
Affected Version(s)
Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 <= 8.1.22.0
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved