In customer environments that utilize VMware restricted users, users of the Tivoli Storage FlashCopy Manager: FlashCopy Manager for VMware GUI can back up and restore VMs that they are not authorized to access.
CVE ID: CVE-2013-6714
DESCRIPTION:
In customer environments that utilize VMware restricted users, users of the Tivoli Storage FlashCopy Manager: FlashCopy Manager for VMware GUI can back up and restore VMs that they are not authorized to access, enabling them to perform the following actions, regardless of their specific VMware level of authorization:
CVSS:
CVSS Base Score: 4.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/89057>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:P)
Only the FlashCopy Manager for VMware component of the following product and release levels is affected:
The recommended solution is to apply the fix associated with the release of the product used in your environment.
Product: Component | VMRF of First Fix | Remediation / Link to First Fix |
---|---|---|
Tivoli Storage FlashCopy Manager: FlashCopy Manager for VMware | 4.1.0.1 | 4.1.0.1-TIV-TSFCMFTP-VMware.bin available at: |
<ftp://public.dhe.ibm.com/storage/tivoli-storage-flashcopymanager/patches/v4r1/vmware/>
Tivoli Storage FlashCopy Manager: FlashCopy Manager for VMware| 3.2.0.4| Note that 3.2.0.4 is no longer available for download. You can download 3.2.0.9 to obtain the fix:
<ftp://public.dhe.ibm.com/storage/tivoli-storage-flashcopymanager/patches/v3r2/vmware/>
Tivoli Storage FlashCopy Manager: FlashCopy Manager for VMware| 3.1.1.1| Fixes for release 3.1 are no longer available for download as this release is no longer supported. Customers requiring fixes should upgrade to the latest release which contains the most recent security fixes. Contact IBM Support with any questions.
None