VIR Vulnerability Intelligence Relay

CVE-2015-7425

critical
Published 2016-02-21 · Modified 2026-05-06
CVSS v3
10.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS v2
10.0
VIR risk
10.0

Description

The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution.

Predictions

Exploit likelihood
98%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21973086

Application impact
VendorProductVersionsFixed
ibmtivoli_storage_flashcopy_manager_for_vmware3.1
ibmtivoli_storage_flashcopy_manager_for_vmware3.1.1
ibmtivoli_storage_flashcopy_manager_for_vmware3.2
ibmtivoli_storage_flashcopy_manager_for_vmware6.3
ibmtivoli_storage_flashcopy_manager_for_vmware6.4
ibmtivoli_storage_flashcopy_manager_for_vmware6.4.2
ibmtivoli_storage_flashcopy_manager_for_vmware6.4.3
ibmtivoli_storage_manager_for_virtual_environments_data_protection_for_vmware4.1.0
ibmtivoli_storage_manager_for_virtual_environments_data_protection_for_vmware4.1.1
ibmtivoli_storage_manager_for_virtual_environments_data_protection_for_vmware4.1.2
ibmtivoli_storage_manager_for_virtual_environments_data_protection_for_vmware4.1.3
ibmtivoli_storage_manager_for_virtual_environments_data_protection_for_vmware6.3.1
ibmtivoli_storage_manager_for_virtual_environments_data_protection_for_vmware6.3.2
ibmtivoli_storage_manager_for_virtual_environments_data_protection_for_vmware6.4.1
ibmtivoli_storage_manager_for_virtual_environments_data_protection_for_vmware7.1.0
ibmtivoli_storage_manager_for_virtual_environments_data_protection_for_vmware7.1.1
ibmtivoli_storage_manager_for_virtual_environments_data_protection_for_vmware7.1.2
ibmtivoli_storage_manager_for_virtual_environments_data_protection_for_vmware7.1.3

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.