IBM Storwize Authenticated Information Disclosure

Low Nessus Plugin ID 76359


The remote host is affected by an information disclosure vulnerability.


The remote Storwize device is a model that is affected by an authenticated information disclosure vulnerability.

In the event of a hardware fault, memory contents containing customer data may be written to a file that can be read by an authenticated user of the system who may not otherwise have access to the data.

Note that Nessus has not checked if the remote device has been patched. The device should be checked manually to confirm if the host is vulnerable.


Apply the appropriate patch according to the vendor's advisories.

See Also

Plugin Details

Severity: Low

ID: 76359

File Name: ibm_storwize_cve_2013_6737.nasl

Version: $Revision: 1.4 $

Type: remote

Family: Misc.

Published: 2014/07/03

Modified: 2015/08/25

Dependencies: 80963

Risk Information

Risk Factor: Low


Base Score: 3.5

Temporal Score: 3

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/h:ibm:storwize_v7000, cpe:/h:ibm:storwize_v5000, cpe:/h:ibm:storwize_v3700, cpe:/h:ibm:storwize_v3500, cpe:/h:ibm:san_volume_controller, cpe:/a:ibm:storwize_v7000_software, cpe:/a:ibm:storwize_v5000_software, cpe:/a:ibm:storwize_v3700_software, cpe:/a:ibm:storwize_v3500_software

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/06/30

Vulnerability Publication Date: 2014/06/30

Reference Information

CVE: CVE-2013-6737

BID: 68133

OSVDB: 108297

IAVA: 2014-A-0092