CVE-2024-38329

2024-06-1914:15:13

CWE-285

[email protected]

web.nvd.nist.gov

ibm

storage protect

virtual environments

data protection

vmware

remote authenticated attacker

security restrictions

improper validation

user permission

crafted request

exploit

settings change

trigger backups

restore backups

delete backups

log rotation

x-force id 294994

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994.