CVE-2014-4811
First published: Fri Sep 12 2014(Updated: )
IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a direct request to the administrative IP address.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM SAN Volume Controller | =6.1.0.0 | |
| IBM SAN Volume Controller | =6.1.0.1 | |
| IBM SAN Volume Controller | =6.1.0.2 | |
| IBM SAN Volume Controller | =6.1.0.3 | |
| IBM SAN Volume Controller | =6.1.0.4 | |
| IBM SAN Volume Controller | =6.1.0.5 | |
| IBM SAN Volume Controller | =6.1.0.6 | |
| IBM SAN Volume Controller | =6.1.0.7 | |
| IBM SAN Volume Controller | =6.1.0.8 | |
| IBM SAN Volume Controller | =6.1.0.9 | |
| IBM SAN Volume Controller | =6.1.0.10 | |
| IBM SAN Volume Controller | =6.2.0.0 | |
| IBM SAN Volume Controller | =6.2.0.1 | |
| IBM SAN Volume Controller | =6.2.0.2 | |
| IBM SAN Volume Controller | =6.2.0.3 | |
| IBM SAN Volume Controller | =6.2.0.4 | |
| IBM SAN Volume Controller | =6.2.0.5 | |
| IBM SAN Volume Controller | =6.2.0.6 | |
| IBM SAN Volume Controller | =6.3.0.0 | |
| IBM SAN Volume Controller | =6.3.0.1 | |
| IBM SAN Volume Controller | =6.3.0.2 | |
| IBM SAN Volume Controller | =6.3.0.3 | |
| IBM SAN Volume Controller | =6.3.0.4 | |
| IBM SAN Volume Controller | =6.3.0.5 | |
| IBM SAN Volume Controller | =6.3.0.6 | |
| IBM SAN Volume Controller | =6.3.0.7 | |
| IBM SAN Volume Controller | =6.4.0.0 | |
| IBM SAN Volume Controller | =6.4.0.1 | |
| IBM SAN Volume Controller | =6.4.0.2 | |
| IBM SAN Volume Controller | =6.4.0.3 | |
| IBM SAN Volume Controller | =6.4.0.4 | |
| IBM SAN Volume Controller | =6.4.1.1 | |
| IBM SAN Volume Controller | =6.4.1.2 | |
| IBM SAN Volume Controller | =6.4.1.3 | |
| IBM SAN Volume Controller | =6.4.1.4 | |
| IBM SAN Volume Controller | =6.4.1.5 | |
| IBM SAN Volume Controller | =6.4.1.6 | |
| IBM SAN Volume Controller | =6.4.1.7 | |
| IBM SAN Volume Controller | =6.4.1.8 | |
| IBM SAN Volume Controller | =7.1.0.0 | |
| IBM SAN Volume Controller | =7.1.0.1 | |
| IBM SAN Volume Controller | =7.1.0.2 | |
| IBM SAN Volume Controller | =7.1.0.3 | |
| IBM SAN Volume Controller | =7.1.0.5 | |
| IBM SAN Volume Controller | =7.1.0.6 | |
| IBM SAN Volume Controller | =7.1.0.7 | |
| IBM SAN Volume Controller | =7.2.0.0 | |
| IBM SAN Volume Controller | =7.2.0.1 | |
| IBM SAN Volume Controller | =7.2.0.2 | |
| IBM SAN Volume Controller | =7.2.0.3 | |
| IBM SAN Volume Controller | =7.2.0.4 | |
| IBM SAN Volume Controller | =7.2.0.5 | |
| IBM SAN Volume Controller | =7.2.0.6 | |
| IBM SAN Volume Controller | =7.2.0.7 | |
| IBM Storwize V3500 Software | ||
| IBM Storwize | ||
| IBM Storwize | ||
| IBM Storwize Unified V7000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-4811?
CVE-2014-4811 has a medium severity level, as it allows remote attackers to reset the administrator superuser password.
How do I fix CVE-2014-4811?
To fix CVE-2014-4811, upgrade to the latest version of IBM SAN Volume Controller or Storwize firmware that addresses this vulnerability.
Which devices are affected by CVE-2014-4811?
CVE-2014-4811 affects IBM Storwize 3500, 3700, 5000, 7000 devices, and SAN Volume Controller versions prior to 7.2.0.8.
What actions can I take to mitigate CVE-2014-4811?
To mitigate CVE-2014-4811, restrict access to the management IP address and monitor system logs for unauthorized access attempts.
Is my data at risk with CVE-2014-4811?
Yes, if exploited, CVE-2014-4811 could potentially allow unauthorized users to gain administrative access and jeopardize your data security.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm san volume controller
- version/ibm san volume controller/6.1.0.0
- version/ibm san volume controller/6.1.0.1
- version/ibm san volume controller/6.1.0.2
- version/ibm san volume controller/6.1.0.3
- version/ibm san volume controller/6.1.0.4
- version/ibm san volume controller/6.1.0.5
- version/ibm san volume controller/6.1.0.6
- version/ibm san volume controller/6.1.0.7
- version/ibm san volume controller/6.1.0.8
- version/ibm san volume controller/6.1.0.9
- version/ibm san volume controller/6.1.0.10
- version/ibm san volume controller/6.2.0.0
- version/ibm san volume controller/6.2.0.1
- version/ibm san volume controller/6.2.0.2
- version/ibm san volume controller/6.2.0.3
- version/ibm san volume controller/6.2.0.4
- version/ibm san volume controller/6.2.0.5
- version/ibm san volume controller/6.2.0.6
- version/ibm san volume controller/6.3.0.0
- version/ibm san volume controller/6.3.0.1
- version/ibm san volume controller/6.3.0.2
- version/ibm san volume controller/6.3.0.3
- version/ibm san volume controller/6.3.0.4
- version/ibm san volume controller/6.3.0.5
- version/ibm san volume controller/6.3.0.6
- version/ibm san volume controller/6.3.0.7
- version/ibm san volume controller/6.4.0.0
- version/ibm san volume controller/6.4.0.1
- version/ibm san volume controller/6.4.0.2
- version/ibm san volume controller/6.4.0.3
- version/ibm san volume controller/6.4.0.4
- version/ibm san volume controller/6.4.1.1
- version/ibm san volume controller/6.4.1.2
- version/ibm san volume controller/6.4.1.3
- version/ibm san volume controller/6.4.1.4
- version/ibm san volume controller/6.4.1.5
- version/ibm san volume controller/6.4.1.6
- version/ibm san volume controller/6.4.1.7
- version/ibm san volume controller/6.4.1.8
- version/ibm san volume controller/7.1.0.0
- version/ibm san volume controller/7.1.0.1
- version/ibm san volume controller/7.1.0.2
- version/ibm san volume controller/7.1.0.3
- version/ibm san volume controller/7.1.0.5
- version/ibm san volume controller/7.1.0.6
- version/ibm san volume controller/7.1.0.7
- version/ibm san volume controller/7.2.0.0
- version/ibm san volume controller/7.2.0.1
- version/ibm san volume controller/7.2.0.2
- version/ibm san volume controller/7.2.0.3
- version/ibm san volume controller/7.2.0.4
- version/ibm san volume controller/7.2.0.5
- version/ibm san volume controller/7.2.0.6
- version/ibm san volume controller/7.2.0.7
- canonical/ibm storwize v3500 software
- canonical/ibm storwize
- canonical/ibm storwize unified v7000