Vulnerabilities > IBM > Tivoli Storage Manager FOR Virtual Environments > 6.3.2.1

DATE	CVE	VULNERABILITY TITLE	RISK
2015-10-04	CVE-2015-1988	Cross-site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli Storage FlashCopy Manager for VMware 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.3.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. network ibm CWE-79	3.5
2014-05-26	CVE-2013-6713	Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager for Virtual Environments The Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (disk consumption) via unspecified GUI actions. local ibm CWE-264	4.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.