CVE-2014-4811

HIGH

Description

IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a direct request to the administrative IP address.

References

http://secunia.com/advisories/61075

http://www.ibm.com/support/docview.wss?uid=ssg1S1004846

http://www.securityfocus.com/bid/69771

https://exchange.xforce.ibmcloud.com/vulnerabilities/95387

Details

Source: MITRE

Published: 2014-09-12

Updated: 2017-08-29

Type: CWE-255

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH