CRITICAL🇬🇧 English

CVE-2015-7425

CVSS 10.0v3.0pub. 2016-02-21upd. 2026-05-06

The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • IBM Tivoli Storage Flashcopy Manager For VMware

    APP
    Ibm
    3.13.1.13.26.36.46.4.26.4.3
  • IBM Tivoli Storage Manager For Virtual Environments Data Protection For VMware

    APP
    Ibm
    4.1.04.1.14.1.24.1.36.3.16.3.26.4.17.1.07.1.17.1.27.1.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2016-6033HIGH8.8ten sam produkt

IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery w...

CVE-2018-1786MEDIUM5.3ten sam produkt

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WA...

CVE-2016-6034MEDIUM6.8ten sam produkt

IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to ...

CVE-2016-6110MEDIUM6.5ten sam produkt

IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by...

CVE-2022-47986CRITICAL9.8⚠ KEVten sam vendor

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...