IBMA3B485AA7C45CFEDDC90FB86D6E17C4E5A0103CEC37255628CD6E35471EE112ESecurity Bulletin: RPM vulnerability issue on IBM Storwize V7000 Unified (CVE-2013-6435)
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
Summary
A fix is available for IBM Storwize V7000 Unified, for the security issue that an attacker could execute arbitrary code on the system by exploiting a vulnerability in RPM
Vulnerability Details
CVEID: CVE-2013-6435
**DESCRIPTION:**RPM Package Manager (RPM) is a package management system. It is used in IBM Storwize V7000 Unified.
RPM Package Manager has a flaw in managing temporary files during package installation. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99254> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Affected Products and Versions
IBM Storwize V7000 Unified
All products are affected when running code releases 1.3, 1.4 and 1.5 except for version 1.5.2.0 and above.
Remediation/Fixes
IBM recommends that you fix this vulnerability by upgrading affected versions of IBM Storwize V7000 Unified to the following code level or higher:
1.5.2.0_
__
_Latest Storwize V7000 Unified Software
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm storwize v7000 unified (2073) | eq | 1.5 |
Related
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C