Information Disclosure Vulnerability in IBM System Storage Storwize V7000 Unified
CVE-2013-6737

Currently unrated

Key Information:

Vendor: IBM
Status: Storwize Unified V7000 Software; Storwize Unified V7000
Vendor: CVE Published:; 21 June 2014

Summary

IBM System Storage Storwize V7000 Unified versions 1.3.x and 1.4.x prior to 1.4.3.0 suffer from a vulnerability where the system fails to adequately restrict the content of dump files created when a 1691 hardware fault occurs. This issue allows remote authenticated users to access sensitive fragments of customer data by reading the improperly protected dump file after it has been copied, potentially leading to unauthorized data exposure.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/89782

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/68133

vdb-entryx_refsource_BID

http://www.ibm.com/support/docview.wss?uid=ssg1S1004676

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 21, 2014
Vulnerability Reserved
Nov 8, 2013