IBM Storwize Authenticated Information Disclosure

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote host is potentially affected by an information disclosure
vulnerability.

Description :

The remote Storwize device is a model that is potentially affected by
an authenticated information disclosure vulnerability.

In the event of a hardware fault, memory contents containing customer
data may be written to a file that can be read by an authenticated
user of the system who may not otherwise have access to the data.

Note that Nessus has not checked if the remote device has been
patched. The device should be checked manually to confirm if the host
is vulnerable.

See also :

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004677
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004676

Solution :

Apply the appropriate patch according to the vendor's advisories.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 3.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 76359 ()

Bugtraq ID: 68133

CVE ID: CVE-2013-6737