CVE-2014-3077

LOW

Description

IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

References

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004837

https://exchange.xforce.ibmcloud.com/vulnerabilities/93906

Details

Source: MITRE

Published: 2014-09-15

Updated: 2017-08-29

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW