Information Disclosure Vulnerability in IBM SONAS and Storwize V7000 Unified
CVE-2014-3077

Currently unrated

Key Information:

Vendor: IBM
Status: Storwize V7000 Unified Software; Storwize Unified V7000
Vendor: CVE Published:; 15 September 2014

Summary

This vulnerability affects IBM SONAS and System Storage Storwize V7000 Unified, where the chkauth password is stored in an audit log file. Local users can exploit this flaw to read the audit logs, potentially leading to unauthorized access to sensitive credentials. This vulnerability underscores the importance of secure logging practices to prevent the exposure of confidential information.

References

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004837

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/93906

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Sep 15, 2014
Vulnerability Reserved
Apr 29, 2014