CVE-2024-38329

Published: Jun 19, 2024Modified: Nov 21, 2024

7.7

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Exploitability: 3.1 / Impact: 4.0

Source: NVD

Description

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994.

Affected (1)

Products: Ibm: Storage Protect For Virtual Environments

1 product

Storage Protect For Virtual Environments

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Storage Protect For Virtual Environments	From 8.1.0.0 to 8.1.23.0

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/294994

Source: psirt@us.ibm.com

Vendor Advisory

https://www.ibm.com/support/pages/node/7157929

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/294994

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.ibm.com/support/pages/node/7157929

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.