Authentication Bypass in IBM SAN Volume Controller and Storwize V7000
CVE-2012-6354

Currently unrated

Key Information:

Vendor: IBM
Status: Storwize V7000; San Volume Controller Software
Vendor: CVE Published:; 19 February 2013

Summary

A vulnerability in the management GUI of IBM SAN Volume Controller and Storwize V7000 versions prior to 6.4.1.3 allows remote attackers to exploit the system by bypassing authentication mechanisms. This vulnerability enables unauthorized users to gain superuser access via specially crafted IP packets, posing a significant risk to the integrity and confidentiality of the stored data.

References

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004277

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/80716

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 19, 2013
Vulnerability Reserved
Dec 16, 2012