Vulnerability Description
The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | San Volume Controller Software | 6.1.0.0 |
| Ibm | Storwize V7000 | - |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004277Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80716
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004277Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80716
FAQ
What is CVE-2012-6354?
CVE-2012-6354 is a vulnerability with a CVSS score of 7.5 (HIGH). The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets.
How severe is CVE-2012-6354?
CVE-2012-6354 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6354?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm San Volume Controller Software, Ibm Storwize V7000.