CVE-2024-38329 – IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass

https://notcve.org/view.php?id=CVE-2024-38329

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994. IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 a 8.1.22.0 podría permitir a un atacante autenticado remoto eludir las restricciones de seguridad causadas por una validación inadecuada del permiso del usuario. Al enviar una solicitud especialmente manipulada, un atacante podría aprovechar esta vulnerabilidad para cambiar su configuración, activar copias de seguridad, restaurar copias de seguridad y también eliminar todas las copias de seguridad anteriores mediante la rotación de registros. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294994 https://www.ibm.com/support/pages/node/7157929 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •