VIR Vulnerability Intelligence Relay

CVE-2015-7429

high
Published 2016-01-02 · Modified 2026-05-06
CVSS v3
8.5
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS v2
4.0
VIR risk
8.5

Description

The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.4 allows remote authenticated users to restore arbitrary virtual machines and consequently obtain sensitive information by visiting the vSphere inventory.

Predictions

Exploit likelihood
90%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21973087

Application impact
VendorProductVersionsFixed
ibmspectrum_protect_for_virtual_environments7.1
ibmspectrum_protect_snapshot4.1

References

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.