CVE-2024-38329

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/294994
https://www.ibm.com/support/pages/node/7157929

Configurations

No configuration.

History

No history.

Information

Published : 2024-06-19 14:15

Updated : 2024-06-20 12:44

NVD link : CVE-2024-38329

Mitre link : CVE-2024-38329

CVE.ORG link : CVE-2024-38329

JSON object : View

Products Affected

No product.

CWE

CWE-285

Improper Authorization

7.7 /10