CVE-2014-3077: Infoleak
First published: Mon Sep 15 2014(Updated: )
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Storwize V7000 Unified Software | =1.3.0.0 | |
| Ibm Storwize V7000 Unified Software | =1.3.2.0 | |
| Ibm Storwize V7000 Unified Software | =1.3.2.3 | |
| Ibm Storwize V7000 Unified Software | =1.4.0.0 | |
| Ibm Storwize V7000 Unified Software | =1.4.0.4 | |
| Ibm Storwize V7000 Unified Software | =1.4.1.0 | |
| Ibm Storwize V7000 Unified Software | =1.4.1.1 | |
| Ibm Storwize V7000 Unified Software | =1.4.2.0 | |
| Ibm Storwize V7000 Unified Software | =1.4.3.0 | |
| Ibm Storwize V7000 Unified Software | =1.4.3.3 | |
| Ibm Storwize Unified V7000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/event
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm storwize v7000 unified software
- version/ibm storwize v7000 unified software/1.3.0.0
- version/ibm storwize v7000 unified software/1.3.2.0
- version/ibm storwize v7000 unified software/1.3.2.3
- version/ibm storwize v7000 unified software/1.4.0.0
- version/ibm storwize v7000 unified software/1.4.0.4
- version/ibm storwize v7000 unified software/1.4.1.0
- version/ibm storwize v7000 unified software/1.4.1.1
- version/ibm storwize v7000 unified software/1.4.2.0
- version/ibm storwize v7000 unified software/1.4.3.0
- version/ibm storwize v7000 unified software/1.4.3.3
- canonical/ibm storwize unified v7000