Overview
- Description
- The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
- Source
- psirt@us.ibm.com
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-78
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments:7.1:*:*:*:*:vmware:*:*",
"vulnerable": true,
"matchCriteriaId": "2B7DCD1F-0EAB-4EDD-982C-C49C06B15AAD"
},
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_snapshot:4.1:*:*:*:*:vmware:*:*",
"vulnerable": true,
"matchCriteriaId": "C56C3E6F-7A31-4B2E-955E-634C81033390"
}
],
"operator": "OR"
}
]
}
]