Vulnerability Description
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Storage Protect For Virtual Environments | >= 8.1.0.0, < 8.1.23.0 |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/294994Vendor Advisory
- https://www.ibm.com/support/pages/node/7157929Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/294994Vendor Advisory
- https://www.ibm.com/support/pages/node/7157929Vendor Advisory
FAQ
What is CVE-2024-38329?
CVE-2024-38329 is a vulnerability with a CVSS score of 7.7 (HIGH). IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper valida...
How severe is CVE-2024-38329?
CVE-2024-38329 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-38329?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Storage Protect For Virtual Environments.