CVE-2014-0875 — LOW (3.5) — White Hats Nepal

Vulnerability Description

Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions.

CVSS Score

3.5

LOW

AV:N/AC:M/Au:S/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Storwize Unified V7000 Software	1.3.0.0
Ibm	Storwize Unified V7000	-

Related Weaknesses (CWE)

CWE-264

References

http://www.ibm.com/support/docview.wss?uid=ssg1S1004738Vendor Advisory
http://www.securityfocus.com/bid/68398
http://www.ibm.com/support/docview.wss?uid=ssg1S1004738Vendor Advisory
http://www.securityfocus.com/bid/68398

FAQ

What is CVE-2014-0875?

CVE-2014-0875 is a vulnerability with a CVSS score of 3.5 (LOW). Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL s...

How severe is CVE-2014-0875?

CVE-2014-0875 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-0875?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Storwize Unified V7000 Software, Ibm Storwize Unified V7000.