Vulnerability Details : CVE-2013-6714
The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions.
Vulnerability category: Denial of service
Products affected by CVE-2013-6714
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6714
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6714
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.1
|
MEDIUM | AV:L/AC:M/Au:S/C:P/I:P/A:P |
2.7
|
6.4
|
NIST |
CWE ids for CVE-2013-6714
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6714
-
http://www-01.ibm.com/support/docview.wss?uid=swg21673045
IBM Security Bulletin: Privilege Escalation Vulnerability in the FlashCopy Manager for VMware GUI (CVE-2013-6714)Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/89057
IBM Tivoli Storage FlashCopy Manager VMware GUI privilege escalation CVE-2013-6714 Vulnerability Report
Jump to