CVE-2015-7426

critical

Published 2016-01-02 · Modified 2026-05-06

CVSS v3

10.0

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v2

10.0

VIR risk

10.0

Description

The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

Predictions

Exploit likelihood

98%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21971484

Application impact

Vendor	Product	Versions	Fixed
ibm	spectrum_protect_for_virtual_environments	`7.1`
ibm	spectrum_protect_snapshot	`4.1`

References

http://www-01.ibm.com/support/docview.wss?uid=swg21971484
http://www-01.ibm.com/support/docview.wss?uid=swg21971484

CWEs

CWE-78

Verify integrity in audit chain (admin only). AS-IS.