In customer environments that utilize VMware restricted users, users of the Tivoli Storage Manager for Virtual Environments: Data Protection for VMware GUI can back up and restore VMs that they are not authorized to access.
CVE ID: CVE-2013-6713
DESCRIPTION:
In customer environments that utilize VMware restricted users, users of the Tivoli Storage Manager for Virtual Environments: Data Protection for VMware GUI can back up and restore VMs that they are not authorized to access, enabling them to perform the following actions, regardless of their specific VMware level of authorization:
CVSS:
CVSS Base Score: 4.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/89055>
CVSS Environmental Score*: Undefined
CVSS Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P)
Only the Data Protection for VMware component of the following product and release levels is affected:
The recommended solution is to apply the fix associated with the release of the product used in your environment.
Product: Component | VMRF of First Fix | Platform | Remediation / Link to First Fix |
---|---|---|---|
Tivoli Storage Manager for Virtual Environments: Data Protection for VMware | 7.1.0.2 | ||
Windows | |||
Linux | http://www.ibm.com/support/docview.wss?uid=swg24037086 | ||
Tivoli Storage Manager for Virtual Environments: Data Protection for VMware | 6.4.2.0 |
| Windows
Linux| http://www.ibm.com/support/docview.wss?uid=swg24039356
Tivoli Storage Manager for Virtual Environments: Data Protection for VMware| 6.3.2.1| Windows
Linux| http://www.ibm.com/support/docview.wss?uid=swg24037601
None