cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2024-38320,https://securityvulnerability.io/vulnerability/CVE-2024-38320,Cryptographic Vulnerability in IBM Storage Protect for Virtual Environments,"IBM Storage Protect for Virtual Environments, including the Data Protection for VMware and the Backup-Archive Client versions 8.1.0.0 through 8.1.23.0, utilizes cryptographic algorithms that are weaker than expected. This vulnerability may allow an unauthorized attacker to decrypt highly sensitive information, posing a significant risk to the confidentiality of the data being protected.",IBM,"Storage Protect For Virtual Environments: Data Protection For Vmware,Storage Protect Backup-archive Client",5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,false,false,false,,2025-01-27T15:43:06.712Z,0 CVE-2024-39723,https://securityvulnerability.io/vulnerability/CVE-2024-39723,"USB Ports May Be Usable Despite Disabling, Pose Risk to Data Security",IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.,IBM,Storage Virtualize,4.6,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-08T00:38:47.786Z,0 CVE-2024-38329,https://securityvulnerability.io/vulnerability/CVE-2024-38329,IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass,"IBM Storage Protect for Virtual Environments, specifically versions 8.1.0.0 through 8.1.22.0, is susceptible to a security vulnerability that may allow remote authenticated attackers to bypass critical security restrictions. This flaw arises from the inadequate validation of user permissions. A malicious actor could exploit this vulnerability through specially crafted requests. Potential consequences include unauthorized modifications of configuration settings, initiating or restoring backups, and the deletion of all historical backups via log rotation. This vulnerability poses significant risks to data integrity and recovery processes.",IBM,Storage Protect For Virtual Environments: Data Protection For Vmware,7.7,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-19T13:43:41.191Z,0 CVE-2023-47700,https://securityvulnerability.io/vulnerability/CVE-2023-47700,IBM Storage Virtualize improper certificate validation,"IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.",IBM,Storage Virtualize,5.9,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2024-02-07T16:20:32.473Z,0 CVE-2023-43042,https://securityvulnerability.io/vulnerability/CVE-2023-43042,IBM Storage Virtualize information disclosure,"IBM Storage Products, including the SAN Volume Controller, Storwize, FlashSystem, and Storage Virtualize 8.3, are susceptible to a security flaw due to the use of default passwords for a privileged user account. This vulnerability can potentially allow unauthorized access to sensitive data and administrative functions, presenting significant security risks for organizations relying on these systems.",IBM,Storage Virtualize,7.5,HIGH,0.001820000004954636,false,,false,false,false,,,false,false,,2023-12-14T01:15:00.000Z,0 CVE-2023-49877,https://securityvulnerability.io/vulnerability/CVE-2023-49877,IBM System Storage Virtualization Engine information disclosure,"IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. By submitting a specially crafted HTTP GET request, an attacker could exploit this vulnerability to view application source code, system configuration information, or other sensitive data related to the Management Interface. IBM X-Force ID: 272651.",IBM,System Storage Virtualization Engine,4.3,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-12-13T21:15:00.000Z,0 CVE-2023-49878,https://securityvulnerability.io/vulnerability/CVE-2023-49878,IBM System Storage Virtualization Engine information disclosure,"IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 272652.",IBM,System Storage Virtualization Engine,4.3,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2023-12-13T21:15:00.000Z,0 CVE-2023-35897,https://securityvulnerability.io/vulnerability/CVE-2023-35897,IBM Spectrum Protect code execution,"A vulnerability in IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments allows local users to execute arbitrary code by exploiting a DLL hijacking flaw. This security issue affects multiple versions, potentially leading to unauthorized access and manipulation of system resources. Users are advised to review IBM's security advisory for necessary updates and mitigation strategies.",IBM,"Storage Protect Client,Storage Protect For Virtual Environments",8.4,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2023-10-06T14:15:00.000Z,0 CVE-2023-40368,https://securityvulnerability.io/vulnerability/CVE-2023-40368,IBM Storage Protect information disclosure,IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456.,IBM,"Storage Protect Client,Storage Protect For Space Management,Storage Protect For Virtual Environments",4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-09-20T19:15:00.000Z,0 CVE-2016-6033,https://securityvulnerability.io/vulnerability/CVE-2016-6033,,IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1995545.,IBM,Tivoli Storage Manager For Virtual Environments,8.8,HIGH,0.0012400000123307109,false,,false,false,false,,,false,false,,2017-02-15T19:00:00.000Z,0 CVE-2016-6034,https://securityvulnerability.io/vulnerability/CVE-2016-6034,,IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges.,IBM,Tivoli Storage Manager For Virtual Environments,6.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2017-02-01T20:00:00.000Z,0 CVE-2016-2988,https://securityvulnerability.io/vulnerability/CVE-2016-2988,,IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated users to bypass a TSM credential requirement and obtain administrative access by leveraging multiple simultaneous logins.,IBM,Tivoli Storage Manager For Virtual Environments,8.5,HIGH,0.0012799999676644802,false,,false,false,false,,,false,false,,2016-11-25T03:38:00.000Z,0 CVE-2015-7425,https://securityvulnerability.io/vulnerability/CVE-2015-7425,,"The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution.",IBM,"Tivoli Storage Flashcopy Manager For Vmware,Tivoli Storage Manager For Virtual Environments Data Protection For Vmware",10,CRITICAL,0.007089999970048666,false,,false,false,false,,,false,false,,2016-02-21T18:00:00.000Z,0 CVE-2014-3048,https://securityvulnerability.io/vulnerability/CVE-2014-3048,,Unspecified vulnerability on the IBM System Storage Virtualization Engine TS7700 allows local users to gain privileges by leveraging the TSSC service-user role to enter a crafted SSH command.,IBM,"System Storage Virtualization Engine Ts7700 Firmware,System Storage Virtualization Engine Ts7700",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2014-06-08T23:55:00.000Z,0 CVE-2013-6713,https://securityvulnerability.io/vulnerability/CVE-2013-6713,,"The Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (disk consumption) via unspecified GUI actions.",IBM,Tivoli Storage Manager For Virtual Environments,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2014-05-26T19:00:00.000Z,0