Security Bulletin: Unauthorized privileges can be obtained from IBM Service account on IBM SONAS (CVE-2014-3043)

Summary

A fix is available for IBM SONAS, for the security issue that unauthorized privileges can be obtained from IBM Service account.

Vulnerability Details

CVEID:
CVE-2014-3043

DESCRIPTION:
The IBM SONAS service account can be used to obtain unauthorized privileges on a IBM SONAS system.

The service account is normally used for carrying out regular service functions in IBM SONAS, such as, initiating a disk discovery process, including disks, applying software, setting the locale, adding or removing a node, changing an error state, setting an event, and writing a serial number.

CVE-2014-3043
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/93339 for the current score

Affected Products and Versions

IBM SONAS
The product is affected when running a code releases 1.3.0.0 to 1.4.3.2

Remediation/Fixes

A fix for these issues is in version 1.4.3.3 of IBM SONAS.

Workarounds and Mitigations

Workaround(s) : None

Mitigation(s) : A fix for these issues is in version 1.4.3.3 of IBM SONAS. Customers running an affected version of IBM SONAS should upgrade to 1.4.3.3 or a later version, so that the fix gets applied.