CVE-2015-7425

Published Feb 21, 2016

Last updated 8 years ago

CVSS critical 10.0

Overview

Description: The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:3.1:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "203F0CBA-F197-4D41-A78D-C7A3821589AC"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:3.1.1:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "484105A4-8478-4DA3-B585-160172111B6A"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:3.2:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E1B9146-18E4-4D0E-A2EC-15EC2752BC55"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:6.3:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4FD007A-2BCF-4DB8-B930-16E9D4F81C1A"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:6.4:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "812D5640-37D8-4807-8E1B-00A4B6C5A6A2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:6.4.2:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4E0F82F-8D85-4906-AA14-2269154D8796"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:6.4.3:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E8FFC26-5ACD-4D6D-AFF8-57547D1FFAC6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:4.1.0:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECA86748-8079-41A9-8F33-78D4DB4ACFF1"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:4.1.1:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B26F181A-366C-4BC0-AF75-F4B33D7995E2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:4.1.2:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "277DF89F-FD45-4C49-A710-70BECC34131F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:4.1.3:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BB62142-7458-4790-A03E-28851FC69F03"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:6.3.1:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C88D0DD3-7B1D-44BB-A788-B92D1045E75B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:6.3.2:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F08588E-D2F0-48D1-A3D8-B2D9A170B607"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:6.4.1:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C3627BC-6A2B-4EBD-BECA-96E63721D39C"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.0:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36E7C57E-DF95-4D24-A329-7626944EDC84"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.1:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "458373BD-CEFB-4402-868E-BB79F5027986"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.2:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F29966B-5F6E-42B3-BA84-0318AA5C57E2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.3:*:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07ADEB4E-924E-4836-A621-AD7396019AB7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References