CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
5.1%
The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | tivoli_storage_flashcopy_manager | 3.1.0 | cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.0:*:*:*:*:*:*:* |
ibm | tivoli_storage_flashcopy_manager | 3.1.1 | cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.1:*:*:*:*:*:*:* |
ibm | tivoli_storage_flashcopy_manager | 3.2.0 | cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.0:*:*:*:*:*:*:* |
ibm | tivoli_storage_flashcopy_manager | 3.2.1 | cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.1:*:*:*:*:*:*:* |
ibm | tivoli_storage_flashcopy_manager | 4.1.0 | cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0:*:*:*:*:*:*:* |
ibm | tivoli_storage_flashcopy_manager | 4.1.0.1 | cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0.1:*:*:*:*:*:*:* |