Vulnerability Description
IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Storwize V7000 Unified Software | 1.3.0.0 |
| Ibm | Storwize V7000 Unified | - |
Related Weaknesses (CWE)
References
- http://www.ibm.com/support/docview.wss?uid=ssg1S1004430Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84839
- http://www.ibm.com/support/docview.wss?uid=ssg1S1004430Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84839
FAQ
What is CVE-2013-0500?
CVE-2013-0500 is a vulnerability with a CVSS score of 5.4 (MEDIUM). IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authent...
How severe is CVE-2013-0500?
CVE-2013-0500 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0500?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Storwize V7000 Unified Software, Ibm Storwize V7000 Unified.