CVE-2015-7425

First published: Sun Feb 21 2016(Updated: )

The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
Ibm Tivoli Storage Flashcopy Manager For Vmware	=3.1
Ibm Tivoli Storage Flashcopy Manager For Vmware	=3.1.1
Ibm Tivoli Storage Flashcopy Manager For Vmware	=3.2
Ibm Tivoli Storage Flashcopy Manager For Vmware	=6.3
Ibm Tivoli Storage Flashcopy Manager For Vmware	=6.4
Ibm Tivoli Storage Flashcopy Manager For Vmware	=6.4.2
Ibm Tivoli Storage Flashcopy Manager For Vmware	=6.4.3
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	=4.1.0
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	=4.1.1
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	=4.1.2
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	=4.1.3
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	=6.3.1
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	=6.3.2
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	=6.4.1
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	=7.1.0
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	=7.1.1
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	=7.1.2
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	=7.1.3

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
agent/author
agent/severity
agent/weakness
agent/references
agent/type
agent/event
agent/description
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/ibm
canonical/ibm tivoli storage flashcopy manager for vmware
version/ibm tivoli storage flashcopy manager for vmware/3.1
version/ibm tivoli storage flashcopy manager for vmware/3.1.1
version/ibm tivoli storage flashcopy manager for vmware/3.2
version/ibm tivoli storage flashcopy manager for vmware/6.3
version/ibm tivoli storage flashcopy manager for vmware/6.4
version/ibm tivoli storage flashcopy manager for vmware/6.4.2
version/ibm tivoli storage flashcopy manager for vmware/6.4.3
canonical/ibm tivoli storage manager for virtual environments data protection for vmware
version/ibm tivoli storage manager for virtual environments data protection for vmware/4.1.0
version/ibm tivoli storage manager for virtual environments data protection for vmware/4.1.1
version/ibm tivoli storage manager for virtual environments data protection for vmware/4.1.2
version/ibm tivoli storage manager for virtual environments data protection for vmware/4.1.3
version/ibm tivoli storage manager for virtual environments data protection for vmware/6.3.1
version/ibm tivoli storage manager for virtual environments data protection for vmware/6.3.2
version/ibm tivoli storage manager for virtual environments data protection for vmware/6.4.1
version/ibm tivoli storage manager for virtual environments data protection for vmware/7.1.0
version/ibm tivoli storage manager for virtual environments data protection for vmware/7.1.1
version/ibm tivoli storage manager for virtual environments data protection for vmware/7.1.2
version/ibm tivoli storage manager for virtual environments data protection for vmware/7.1.3

CVE-2015-7425

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact