Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME781AFC235FA9E8D970D4B50E36C244925DABB6043D1C2F1C432AB8645AD9519
HistoryJun 17, 2018 - 2:41 p.m.

Security Bulletin: Privilege Escalation Vulnerability in the FlashCopy Manager for VMware GUI (CVE-2013-6714)

2018-06-1714:41:10
www.ibm.com
5

EPSS

0

Percentile

5.1%

JSON

Summary

In customer environments that utilize VMware restricted users, users of the Tivoli Storage FlashCopy Manager: FlashCopy Manager for VMware GUI can back up and restore VMs that they are not authorized to access.

Vulnerability Details

CVE ID: CVE-2013-6714

DESCRIPTION:

In customer environments that utilize VMware restricted users, users of the Tivoli Storage FlashCopy Manager: FlashCopy Manager for VMware GUI can back up and restore VMs that they are not authorized to access, enabling them to perform the following actions, regardless of their specific VMware level of authorization:

  • access all data within the VMs that have been previously backed up and also back up and access data that has not previously been backed up
  • spawn multiple restores which could exhaust VMware storage
  • overwrite production VM data with backup data

CVSS:

CVSS Base Score: 4.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/89057&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:P)

Affected Products and Versions

Only the FlashCopy Manager for VMware component of the following product and release levels is affected:

  • Tivoli Storage FlashCopy Manager 3.1, 3.2, and 4.1

Remediation/Fixes

The recommended solution is to apply the fix associated with the release of the product used in your environment.

Product: Component VMRF of First Fix Remediation / Link to First Fix
Tivoli Storage FlashCopy Manager: FlashCopy Manager for VMware 4.1.0.1 4.1.0.1-TIV-TSFCMFTP-VMware.bin available at:

<ftp://public.dhe.ibm.com/storage/tivoli-storage-flashcopymanager/patches/v4r1/vmware/&gt;
Tivoli Storage FlashCopy Manager: FlashCopy Manager for VMware| 3.2.0.4| Note that 3.2.0.4 is no longer available for download. You can download 3.2.0.9 to obtain the fix:
<ftp://public.dhe.ibm.com/storage/tivoli-storage-flashcopymanager/patches/v3r2/vmware/&gt;
Tivoli Storage FlashCopy Manager: FlashCopy Manager for VMware| 3.1.1.1| Fixes for release 3.1 are no longer available for download as this release is no longer supported. Customers requiring fixes should upgrade to the latest release which contains the most recent security fixes. Contact IBM Support with any questions.

Workarounds and Mitigations

None

Related

prion 1
nvd 1
cvelist 1
cve 1
ibm 1
prion
prion
Authorization
2014-05-26 19:55:00
nvd
nvd
CVE-2013-6714
2014-05-26 19:55:04
cvelist
cvelist
CVE-2013-6714
2014-05-26 19:00:00
cve
cve
CVE-2013-6714
2014-05-26 19:55:04
ibm
ibm
Security Bulletin: Privilege Escalation Vulnerability in the Data Protection for VMware GUI (CVE-2013-6713)
2018-06-17 14:41:11

EPSS

0

Percentile

5.1%

JSON
Related for E781AFC235FA9E8D970D4B50E36C244925DABB6043D1C2F1C432AB8645AD9519
prion1nvd1cvelist1cve1ibm1