Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-0875

Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions.

Published

2014-07-07T11:01:29.087

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.5 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

6.8

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-264
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application ibm storwize_unified_v7000_software 1.3.0.0 Yes
Application ibm storwize_unified_v7000_software 1.3.1.0 Yes
Application ibm storwize_unified_v7000_software 1.4.0.0 Yes
Application ibm storwize_unified_v7000_software 1.4.0.1 Yes
Application ibm storwize_unified_v7000_software 1.4.0.2 Yes
Application ibm storwize_unified_v7000_software 1.4.0.3 Yes
Application ibm storwize_unified_v7000_software 1.4.0.4 Yes
Application ibm storwize_unified_v7000_software 1.4.0.5 Yes
Application ibm storwize_unified_v7000_software 1.4.1.0 Yes
Application ibm storwize_unified_v7000_software 1.4.1.1 Yes
Application ibm storwize_unified_v7000_software 1.4.2.0 Yes
Application ibm storwize_unified_v7000_software 1.4.2.1 Yes
Application ibm storwize_unified_v7000_software 1.4.3.0 Yes
Application ibm storwize_unified_v7000_software 1.4.3.1 Yes
Application ibm storwize_unified_v7000_software 1.4.3.2 Yes
Hardware ibm storwize_unified_v7000 - Yes
References