Lucene search

K
ibmIBMB4FD409846BC477F7E2953E4C8F960515DC4E0D5564EB720E28E817DE28FA2C0
HistoryMar 29, 2023 - 1:48 a.m.

Security Bulletin: IBM SAN Volume Controller and Storwize Family security vulnerabilities (CVE-2013-4310 CVE-2013-4316)

2023-03-2901:48:02
www.ibm.com
18
ibm san volume controller
storwize family
cve-2013-4310
cve-2013-4316
administrative access
authentication
vulnerable products
fix
ip interface restriction

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.015 Low

EPSS

Percentile

86.9%

Summary

Security Bulletin: IBM SAN Volume Controller and Storwize Family security vulnerabilities (CVE-2013-4310 CVE-2013-4316)

Vulnerability Details

Security Bulletin


Summary

Administrative access to the system via the IP interface may be obtained without authentication.

Vulnerability Details


CVEID: CVE-2013-4310 CVE-2013-4316 DESCRIPTION:

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.

CVE-2013-4310
CVSS Base Score: 5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87336 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

DESCRIPTION:

An unspecified error in Apache Struts related to the default enabling of Dynamic Method Invocation (DMI) could lead to remote code execution.

CVE-2013-4316
CVSS Base Score: 10.0
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87373 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affected Products and Versions


IBM SAN Volume Controller
Storwize V7000 for Lenovo
Storwize V5000 for Lenovo
Storwize V3700 for Lenovo
Storwize V3500 for Lenovo

All products affected when running a version below V6.4.1.7 or V7.1.0.6.

Remediation/Fixes


For IBM SAN Volume Controller, Storwize V7000, V5000, V3700 and V3500 for Lenovo and IBM Flex System V7000, install the V6.4.1.7 or V7.1.0.6 PTF level or higher.

Workarounds and Mitigations


Access to the system’s IP interface can be restricted, for example using a private network or firewall technology. Only users with access to the IP interface can exploit the vulnerability.

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.015 Low

EPSS

Percentile

86.9%

Related for B4FD409846BC477F7E2953E4C8F960515DC4E0D5564EB720E28E817DE28FA2C0