Vulnerability Details : CVE-2015-7425
The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution.
Products affected by CVE-2015-7425
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:6.4.3:*:*:*:*:vmware:*:*
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:6.4.2:*:*:*:*:vmware:*:*
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:6.3:*:*:*:*:vmware:*:*
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:3.2:*:*:*:*:vmware:*:*
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:3.1.1:*:*:*:*:vmware:*:*
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:6.4:*:*:*:*:vmware:*:*
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:3.1:*:*:*:*:vmware:*:*
- IBM » Tivoli Storage Manager For Virtual Environments Data Protection For Vmware » Version: 6.4.1 For Vmware (cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:6.4.1:*:*:*:*:vmware:*:*)
- IBM » Tivoli Storage Manager For Virtual Environments Data Protection For Vmware » Version: 6.3.2 For Vmware (cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:6.3.2:*:*:*:*:vmware:*:*)
- IBM » Tivoli Storage Manager For Virtual Environments Data Protection For Vmware » Version: 6.3.1 For Vmware (cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:6.3.1:*:*:*:*:vmware:*:*)
- IBM » Tivoli Storage Manager For Virtual Environments Data Protection For Vmware » Version: 4.1.3 For Vmware (cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:4.1.3:*:*:*:*:vmware:*:*)
- IBM » Tivoli Storage Manager For Virtual Environments Data Protection For Vmware » Version: 4.1.2 For Vmware (cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:4.1.2:*:*:*:*:vmware:*:*)
- IBM » Tivoli Storage Manager For Virtual Environments Data Protection For Vmware » Version: 7.1.1 For Vmware (cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.1:*:*:*:*:vmware:*:*)
- IBM » Tivoli Storage Manager For Virtual Environments Data Protection For Vmware » Version: 7.1.0 For Vmware (cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.0:*:*:*:*:vmware:*:*)
- IBM » Tivoli Storage Manager For Virtual Environments Data Protection For Vmware » Version: 4.1.0 For Vmware (cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:4.1.0:*:*:*:*:vmware:*:*)
- IBM » Tivoli Storage Manager For Virtual Environments Data Protection For Vmware » Version: 7.1.3 For Vmware (cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.3:*:*:*:*:vmware:*:*)
- IBM » Tivoli Storage Manager For Virtual Environments Data Protection For Vmware » Version: 7.1.2 For Vmware (cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.2:*:*:*:*:vmware:*:*)
- IBM » Tivoli Storage Manager For Virtual Environments Data Protection For Vmware » Version: 4.1.1 For Vmware (cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:4.1.1:*:*:*:*:vmware:*:*)
Exploit prediction scoring system (EPSS) score for CVE-2015-7425
- 0.95%: probability of exploitation activity in the next 30 days
- ~81%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7425
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
10.0 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 | NIST | |
CWE ids for CVE-2015-7425
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7425
- http://www.securityfocus.com/bid/79545
  IBM Tivoli Storage FlashCopy Manager and Tivoli Storage Manager Privilege Escalation Vulnerability
- http://www-01.ibm.com/support/docview.wss?uid=swg21973086
  IBM Security Bulletin: Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by unauthorized access vulnerability (CVE-20
  Vendor Advisory