IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect™ for Virtual Environments) and IBM Tivoli Storage FlashCopy Manager for VMware (IBM Spectrum Protect™ Snapshot) is vulnerable to cross-site request forgery. An attacker could execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVEID: CVE-2016-6033**
DESCRIPTION:** IBM Tivoli Storage Manager for Virtual Environments (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116892 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
The following products and versions are affected.
Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect for Virtual Environments):
- 7.1.0.0 through 7.1.6.3
Tivoli Storage FlashCopy Manager for VMware (IBM Spectrum Protect Snapshot):
- 4.1.0.0 through 4.1.6.0
Tivoli Storage Manager for VE: Data Protection for VMware Release
| First Fixing VRMF Level|Client Platform|Link to Fix / Fix Availability Target
—|—|—|—
7.1| 7.1.6.4| Linux
Windows| http://www.ibm.com/support/docview.wss?uid=swg24042520
**_Tivoli Storage
FlashCopy Manager for VMware Release_** | First Fixing VRMF Level | Client Platform | Link to Fix / Fix Availability Target |
---|---|---|---|
4.1 | 4.1.6.1 | Linux | ftp://public.dhe.ibm.com/storage/tivoli-storage-flashcopymanager/patches/v4r1/vmware/v4161/ |
None
CPE | Name | Operator | Version |
---|---|---|---|
tivoli storage manager for virtual environments | eq | 7.1 | |
tivoli storage flashcopy manager | eq | 4.1 |