CVE-2024-38329

HIGH Year: 2024
CVSS v3 Score
7.7
High
Weakness Type
CWE-863
View all →

Vulnerability Description

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994.

Related Vulnerabilities

CVE-2016-4514

HIGH
CVSS:7.7(High)

Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy.

CWE-8632016

CVE-2020-3467

HIGH
CVSS:7.7(High)

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. ...

CWE-8632020

CVE-2021-21484

HIGH
CVSS:7.7(High)

LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.

CWE-8632021

CVE-2023-23304

HIGH
CVSS:7.7(High)

The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious app...

CWE-8632023

CVE-2023-42860

HIGH
CVSS:7.7(High)

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of t...

CWE-8632023

CVE-2024-10975

HIGH
CVSS:7.7(High)

Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. Thi...

CWE-8632024