IBM Storwize Authenticated Information Disclosure

medium Nessus Plugin ID 76359

Synopsis

The remote host is affected by an information disclosure vulnerability.

Description

The remote Storwize device is a model that is affected by an authenticated information disclosure vulnerability.

In the event of a hardware fault, memory contents containing customer data may be written to a file that can be read by an authenticated user of the system who may not otherwise have access to the data.

Note that Nessus has not checked if the remote device has been patched. The device should be checked manually to confirm if the host is vulnerable.

Solution

Apply the appropriate patch according to the vendor's advisories.

See Also

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004677

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004676

Plugin Details

Severity: Medium

ID: 76359

File Name: ibm_storwize_cve_2013_6737.nasl

Version: 1.6

Type: remote

Family: Misc.

Published: 7/3/2014

Updated: 11/26/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2013-6737

Vulnerability Information

CPE: cpe:/h:ibm:storwize_v7000, cpe:/h:ibm:storwize_v5000, cpe:/h:ibm:storwize_v3700, cpe:/h:ibm:storwize_v3500, cpe:/h:ibm:san_volume_controller, cpe:/a:ibm:storwize_v7000_software, cpe:/a:ibm:storwize_v5000_software, cpe:/a:ibm:storwize_v3700_software, cpe:/a:ibm:storwize_v3500_software

Exploit Ease: No known exploits are available

Patch Publication Date: 6/30/2014

Vulnerability Publication Date: 6/30/2014

Reference Information

CVE: CVE-2013-6737

BID: 68133

IAVA: 2014-A-0092