Vulnerability Details : CVE-2013-6714
The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-6714
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-6714
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.1
|
MEDIUM | AV:L/AC:M/Au:S/C:P/I:P/A:P |
2.7
|
6.4
|
NIST |
CWE ids for CVE-2013-6714
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6714
-
http://www-01.ibm.com/support/docview.wss?uid=swg21673045
IBM Security Bulletin: Privilege Escalation Vulnerability in the FlashCopy Manager for VMware GUI (CVE-2013-6714)Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/89057
IBM Tivoli Storage FlashCopy Manager VMware GUI privilege escalation CVE-2013-6714 Vulnerability Report
Products affected by CVE-2013-6714
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0.1:*:*:*:*:*:*:*