CVE-2015-7425

Published: Feb 21, 2016Modified: May 6, 2026

10.0

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 6.0

Source: NVD

Description

The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution.

Affected (18)

Products: Ibm: Tivoli Storage Flashcopy Manager For Vmware, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware

Ibm

2 products

Tivoli Storage Flashcopy Manager For Vmware

Tivoli Storage Manager For Virtual Environments Data Protection For Vmware

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Ibm Tivoli Storage Flashcopy Manager For Vmware	Version 3.1.1
Ibm Tivoli Storage Flashcopy Manager For Vmware	Version 3.1
Ibm Tivoli Storage Flashcopy Manager For Vmware	Version 3.2
Ibm Tivoli Storage Flashcopy Manager For Vmware	Version 6.3
Ibm Tivoli Storage Flashcopy Manager For Vmware	Version 6.4.2
Ibm Tivoli Storage Flashcopy Manager For Vmware	Version 6.4.3
Ibm Tivoli Storage Flashcopy Manager For Vmware	Version 6.4
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	Version 4.1.0
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	Version 4.1.1
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	Version 4.1.2
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	Version 4.1.3
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	Version 6.3.1
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	Version 6.3.2
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	Version 6.4.1
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	Version 7.1.0
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	Version 7.1.1
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	Version 7.1.2
Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	Version 7.1.3

Related CWEs

CWE-264

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21973086

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/79545

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21973086

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/79545

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.