Cross-Protocol Vulnerability in IBM Storwize V7000 Unified
CVE-2013-0500

Currently unrated

Key Information:

Vendor: IBM
Status: Storwize V7000 Unified Software; Storwize V7000 Unified
Vendor: CVE Published:; 17 October 2013

What is CVE-2013-0500?

The IBM Storwize V7000 Unified fails to properly manage device files created through the NFS protocol when accessed via non-NFS methods. This flaw allows authenticated remote users to potentially gain access to sensitive information, manipulate files or programs, and even trigger a denial of service by crashing the device. The vulnerability is present in version 1.3.x and 1.4.x prior to version 1.4.2.0, demanding immediate attention for users operating affected versions.

References

http://www.ibm.com/support/docview.wss?uid=ssg1S1004430

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/84839

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2013
Vulnerability Reserved
Dec 16, 2012