Administrator Password Reset Vulnerability in IBM Storwize and SAN Volume Controller
CVE-2014-4811

Currently unrated

Key Information:

Vendor: IBM
Status: San Volume Controller Software; Storwize V3500; Storwize V3700; Storwize V7000
Vendor: CVE Published:; 12 September 2014

Summary

The vulnerability allows remote attackers to reset the administrator superuser password to its default value by sending a direct request to the administrative IP address. This could lead to unauthorized access and manipulation of storage configurations, impacting the overall security and integrity of the systems affected.

References

http://www.ibm.com/support/docview.wss?uid=ssg1S1004846

x_refsource_CONFIRM

http://www.securityfocus.com/bid/69771

vdb-entryx_refsource_BID

http://secunia.com/advisories/61075

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Sep 12, 2014
Vulnerability Reserved
Jul 9, 2014