Access Control Bypass in IBM Storwize V7000 Unified by IBM
CVE-2014-0875

Currently unrated

Key Information:

Vendor: IBM
Status: Storwize Unified V7000 Software; Storwize Unified V7000
Vendor: CVE Published:; 7 July 2014

Summary

The Active Cloud Engine (ACE) in IBM Storwize V7000 Unified allows remote attackers to exploit improper ACL synchronization across unreliable NFS connections. This flaw can lead to bypassing of intended access control lists, enabling unauthorized access under specific conditions when retransmissions are involved. Organizations using affected versions should assess their security posture and apply recommended patching measures.

References

http://www.securityfocus.com/bid/68398

vdb-entryx_refsource_BID

http://www.ibm.com/support/docview.wss?uid=ssg1S1004738

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 7, 2014
Vulnerability Reserved
Jan 6, 2014