Lucene search

[email protected]CVE-2014-0875

HistoryJul 07, 2014 - 11:01 a.m.

CVE-2014-0875

2014-07-0711:01:29

CWE-264

[email protected]

web.nvd.nist.gov

cve

2014

0875

ibm

storwize

v7000

ace

acl

bypass

nvd

security

vulnerability

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.2%

JSON

Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions.

Affected configurations

NVD

Node

ibmstorwize_unified_v7000_softwareMatch1.3.0.0

ibmstorwize_unified_v7000_softwareMatch1.3.1.0

ibmstorwize_unified_v7000_softwareMatch1.4.0.0

ibmstorwize_unified_v7000_softwareMatch1.4.0.1

ibmstorwize_unified_v7000_softwareMatch1.4.0.2

ibmstorwize_unified_v7000_softwareMatch1.4.0.3

ibmstorwize_unified_v7000_softwareMatch1.4.0.4

ibmstorwize_unified_v7000_softwareMatch1.4.0.5

ibmstorwize_unified_v7000_softwareMatch1.4.1.0

ibmstorwize_unified_v7000_softwareMatch1.4.1.1

ibmstorwize_unified_v7000_softwareMatch1.4.2.0

ibmstorwize_unified_v7000_softwareMatch1.4.2.1

ibmstorwize_unified_v7000_softwareMatch1.4.3.0

ibmstorwize_unified_v7000_softwareMatch1.4.3.1

ibmstorwize_unified_v7000_softwareMatch1.4.3.2

AND

ibmstorwize_unified_v7000Match-

CPENameOperatorVersion
ibm:storwize_unified_v7000_softwareibm storwize unified v7000 softwareeq1.3.0.0
ibm:storwize_unified_v7000_softwareibm storwize unified v7000 softwareeq1.3.1.0
ibm:storwize_unified_v7000_softwareibm storwize unified v7000 softwareeq1.4.0.0
ibm:storwize_unified_v7000_softwareibm storwize unified v7000 softwareeq1.4.0.1
ibm:storwize_unified_v7000_softwareibm storwize unified v7000 softwareeq1.4.0.2
ibm:storwize_unified_v7000_softwareibm storwize unified v7000 softwareeq1.4.0.3
ibm:storwize_unified_v7000_softwareibm storwize unified v7000 softwareeq1.4.0.4
ibm:storwize_unified_v7000_softwareibm storwize unified v7000 softwareeq1.4.0.5
ibm:storwize_unified_v7000_softwareibm storwize unified v7000 softwareeq1.4.1.0
ibm:storwize_unified_v7000_softwareibm storwize unified v7000 softwareeq1.4.1.1

CPE	Name	Operator	Version
ibm:storwize_unified_v7000_software	ibm storwize unified v7000 software	eq	1.3.0.0
ibm:storwize_unified_v7000_software	ibm storwize unified v7000 software	eq	1.3.1.0
ibm:storwize_unified_v7000_software	ibm storwize unified v7000 software	eq	1.4.0.0
ibm:storwize_unified_v7000_software	ibm storwize unified v7000 software	eq	1.4.0.1
ibm:storwize_unified_v7000_software	ibm storwize unified v7000 software	eq	1.4.0.2
ibm:storwize_unified_v7000_software	ibm storwize unified v7000 software	eq	1.4.0.3
ibm:storwize_unified_v7000_software	ibm storwize unified v7000 software	eq	1.4.0.4
ibm:storwize_unified_v7000_software	ibm storwize unified v7000 software	eq	1.4.0.5
ibm:storwize_unified_v7000_software	ibm storwize unified v7000 software	eq	1.4.1.0
ibm:storwize_unified_v7000_software	ibm storwize unified v7000 software	eq	1.4.1.1