CVE-2013-6714

Published May 26, 2014

Last updated 3 months ago

CVSS info 4.1

Overview

Description: The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.1
Impact score: 6.4
Exploitability score: 2.7
Vector string: AV:L/AC:M/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BC01D70-F51D-4F55-A829-DFE0104AEF79"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD889452-6341-450B-9DF2-261B66A2ABB0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B5B7107-61B4-4B55-A138-7648D35497D5"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61D1CD20-0895-406E-904A-AC160C288943"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B29338F6-E909-4114-97F9-F71A648AF7AE"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC1CB0C1-BDEF-497F-85AF-2E0C9585E25E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References