IBM Tivoli Storage FlashCopy Manager for VMware 3.1.x < / 3.2.x < / 4.1.x < Command Execution

Critical Nessus Plugin ID 87822


A backup application installed on the remote host is affected by multiple remote command execution vulnerabilities.


The version of IBM Tivoli Storage FlashCopy Manager for VMware installed on the remote host is affected by multiple vulnerabilities :

- An unspecified flaw exists in the graphical user interface that allows an unauthenticated, remote attacker to perform backup and restore operations, along with other administrative commands, resulting in a possible adverse impact on the integrity of system operation or the disclosure of confidential information. (CVE-2015-7425)

- A flaw exists in the IBM Data Protection Extension that can result in privilege escalation. An authenticated attacker can exploit this to select an existing virtual machine from the vSphere inventory and perform a Restore operation without having the required privilege for the operation. Although performing this operation does not overwrite the existing virtual machine, the attacker can create a new virtual machine holding the same data, allowing disclosure of information. (CVE-2015-7429)


Upgrade to Tivoli Storage FlashCopy Manager for VMware version / / or later.

See Also

Plugin Details

Severity: Critical

ID: 87822

File Name: tivoli_storage_flashcopy_manager_vmware_CVE-2015-7426.nasl

Version: $Revision: 1.8 $

Type: local

Family: Misc.

Published: 2016/01/08

Modified: 2017/02/13

Dependencies: 86325

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_flashcopy_manager

Required KB Items: installed_sw/Tivoli Storage FlashCopy Manager

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/12/01

Vulnerability Publication Date: 2015/12/11

Reference Information

CVE: CVE-2015-7425, CVE-2015-7429

BID: 79541, 79545

OSVDB: 131676, 134809