Lucene search

IbmCVELIST:CVE-2024-38329

HistoryJun 19, 2024 - 1:43 p.m.

CVE-2024-38329 IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass

2024-06-1913:43:41

CWE-285

ibm

www.cve.org

ibm storage protect

virtual environments

vmware

security bypass

user permission

remote attackers

backup

restore

log rotation

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Storage Protect for Virtual Environments: Data Protection for VMware",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "8.1.22.0",
        "status": "affected",
        "version": "8.1.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/294994

www.ibm.com/support/pages/node/7157929

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-38329