This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Ibm First view 2013-10-16
Product Storwize v7000 Unified Software Last view 2014-09-15
Version 1.4.0.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:ibm:storwize_v7000_unified_software

Activity : Overall

Related : CVE

  Date Alert Description
2.1 2014-09-15 CVE-2014-3077

IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.
4.3 2013-10-16 CVE-2013-5376

Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" attack against an administrative user.
5.4 2013-10-16 CVE-2013-0500

IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation.

CWE : Common Weakness Enumeration

%idName
33% (1) CWE-200 Information Exposure
33% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
33% (1) CWE-20 Improper Input Validation

Information Assurance Vulnerability Management (IAVM)

id Description
2015-B-0083 Multiple Vulnerabilities in IBM Storwize V7000 Unified
Severity: Category I - VMSKEY: V0060983

Nessus® Vulnerability Scanner

id Description
2015-06-26 Name: The remote IBM Storwize device is affected by multiple vulnerabilities.
File: ibm_storwize_1_5_0_2.nasl - Type: ACT_GATHER_INFO