Main Vulnerability Database SB2024072904

SB2024072904 - Improper authorization in IBM Storage Protect for Virtual Environments: Data Protection for VMware

Published: July 29, 2024

Security Bulletin ID SB2024072904

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Authorization (CVE-ID: CVE-2024-38329)

The vulnerability allows a remote user to bypass security restrictions.

The vulnerability exists due to improper validation of user permission. A remote user can send a specially crafted request and exploit this vulnerability to change settings, trigger backups, restore backups, and also delete all previous backups via log rotation.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7157929
https://exchange.xforce.ibmcloud.com/vulnerabilities/294994