PT-2016-1591 · IBM · IBM Spectrum Protect for Virtual Environments+1
Published: 2016-02-21 · Updated: 2016-11-28 · CVE-2015-7425
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
IBM Spectrum Protect Snapshot versions 3.1 through 3.1.1.3
IBM Spectrum Protect Snapshot versions 3.2 through 3.2.0.6
IBM Spectrum Protect Snapshot versions 4.1 through 4.1.4
IBM Spectrum Protect for Virtual Environments versions 6.3 through 6.3.2.5
IBM Spectrum Protect for Virtual Environments versions 6.4 through 6.4.3.1
IBM Spectrum Protect for Virtual Environments versions 7.1 through 7.1.4
Description
The issue is related to insufficient access control in the Data Protection component of IBM Spectrum Protect Snapshot and IBM Spectrum Protect for Virtual Environments. Exploitation of this issue may allow a remote attacker to elevate their privileges by using a specially crafted URL that triggers a back-end function execution.
Recommendations
For IBM Spectrum Protect Snapshot versions 3.1 through 3.1.1.3, update to version 3.1.1.3 or later.
For IBM Spectrum Protect Snapshot versions 3.2 through 3.2.0.6, update to version 3.2.0.6 or later.
For IBM Spectrum Protect Snapshot versions 4.1 through 4.1.4, update to version 4.1.4 or later.
For IBM Spectrum Protect for Virtual Environments versions 6.3 through 6.3.2.5, update to version 6.3.2.5 or later.
For IBM Spectrum Protect for Virtual Environments versions 6.4 through 6.4.3.1, update to version 6.4.3.1 or later.
For IBM Spectrum Protect for Virtual Environments versions 7.1 through 7.1.4, update to version 7.1.4 or later.
Affected Products
IBM Spectrum Protect Snapshot
IBM Spectrum Protect for Virtual Environments