Vulnerabilities > IBM > Tivoli Storage Manager FOR Virtual Environments > 6.3.2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-10-04 | CVE-2015-1988 | Cross-site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli Storage FlashCopy Manager for VMware 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.3.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-05-26 | CVE-2013-6713 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager for Virtual Environments The Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (disk consumption) via unspecified GUI actions. | 4.1 |