3 matches found
CVE-2012-0706
CVE-2012-0706 affects IBM Scale Out NAS (SONAS) 1.3 prior to 1.3.2.3. The embedded LDAP client stores LDAP bind DN and password in cleartext on the local filesystem, enabling an attacker with root access to obtain credentials and potentially access the external LDAP server. IBM notes no vendor fi...
CVE-2012-2163
CVE-2012-2163 affects IBM SONAS 1.1–1.3.1, where an error in the Command Line Interface and Graphical User Interface allows an administrative user to execute arbitrary Linux commands as root via code injection. The IBM flash notes a base CVSS score of 9 and describes impact as enabling command ex...
CVE-2014-3045
CVE-2014-3045 affects IBM SONAS and IBM Storwize V7000 Unified (1.3.0.0–1.4.3.2). Using chuser with -p places the administrative password in the shell history, exposing it to root. The fix is available in version 1.4.3.3 (or later). Workarounds include adjusting HISTIGNORE for root or clearing hi...