Vulnerabilities > IBM > Tivoli Storage Flashcopy Manager FOR Vmware

DATE CVE VULNERABILITY TITLE RISK
2017-02-15 CVE-2016-6033 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
8.8
2016-02-21 CVE-2015-7425 Permissions, Privileges, and Access Controls vulnerability in IBM products
The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution.
network
low complexity
ibm CWE-264
critical
 10.0
10