Lucene search

IbmCVE-2013-6714

HistoryMay 26, 2014 - 7:55 p.m.

CVE-2013-6714

2014-05-2619:55:04

CWE-264

ibm

web.nvd.nist.gov

cve-2013-6714

flashcopy manager

vmware

ibm

tivoli storage

data overwrite

disk consumption

authorization

vulnerability

CVSS2

4.1

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

Percentile

5.1%

JSON

The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions.

Affected configurations

Nvd

Node

ibmtivoli_storage_flashcopy_managerMatch3.1.0

ibmtivoli_storage_flashcopy_managerMatch3.1.1

ibmtivoli_storage_flashcopy_managerMatch3.2.0

ibmtivoli_storage_flashcopy_managerMatch3.2.1

ibmtivoli_storage_flashcopy_managerMatch4.1.0

ibmtivoli_storage_flashcopy_managerMatch4.1.0.1

VendorProductVersionCPE
ibmtivoli_storage_flashcopy_manager3.1.0cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.0:*:*:*:*:*:*:*
ibmtivoli_storage_flashcopy_manager3.1.1cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.1:*:*:*:*:*:*:*
ibmtivoli_storage_flashcopy_manager3.2.0cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.0:*:*:*:*:*:*:*
ibmtivoli_storage_flashcopy_manager3.2.1cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.1:*:*:*:*:*:*:*
ibmtivoli_storage_flashcopy_manager4.1.0cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0:*:*:*:*:*:*:*
ibmtivoli_storage_flashcopy_manager4.1.0.1cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tivoli_storage_flashcopy_manager	3.1.0	cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.0:::::::*
ibm	tivoli_storage_flashcopy_manager	3.1.1	cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.1:::::::*
ibm	tivoli_storage_flashcopy_manager	3.2.0	cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.0:::::::*
ibm	tivoli_storage_flashcopy_manager	3.2.1	cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.1:::::::*
ibm	tivoli_storage_flashcopy_manager	4.1.0	cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0:::::::*
ibm	tivoli_storage_flashcopy_manager	4.1.0.1	cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0.1:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21673045

exchange.xforce.ibmcloud.com/vulnerabilities/89057

CVSS2

4.1

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2013-6714