IBM TSM for Virtual Environments 6.3.x < 188.8.131.52 / 6.4.x < 184.108.40.206 / 7.1.x < 220.127.116.11 RCE
Critical Nessus Plugin ID 87823
Synopsis
A backup application installed on the remote host is affected by a remote command execution vulnerability.
Description
The version of IBM Tivoli Storage Manager (TSM) for Virtual Environments installed on the remote host is 6.3.x prior to 18.104.22.168, 6.4.x prior to 22.214.171.124, or 7.1.x prior to 126.96.36.199. It is, therefore, affected by multiple vulnerabilities:
- An unspecified flaw exists in the user interface that allows an unauthenticated, remote attacker to perform backup and restore operations and to execute TSM administrative commands. (CVE-2015-7425)
- A privilege escalation vulnerability exists in the IBM Data Protection Extension. An authenticated, remote attacker can exploit this to select an existing virtual machine from the vSphere inventory and perform a restore operation even though the attacker does not have the privilege level required for the operation. The restore operation will not overwrite the existing virtual machine but instead will create a new virtual machine with the same data as the existing virtual machine. After the restore creates the new virtual machine, the attacker can then access its unencrypted data, regardless of access permissions to the existing virtual machine data. Note that this issue only applies to version 7.1.x prior to 7.1.4. (CVE-2015-7429)
Solution
Upgrade to Tivoli Storage Manager for Virtual Environments version 188.8.131.52 / 184.108.40.206 / 220.127.116.11 or later.