Vulnerability Description
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Storwize V7000 Unified Software | 1.3.0.0 |
| Ibm | Storwize Unified V7000 | - |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004837Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93906
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004837Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93906
FAQ
What is CVE-2014-3077?
CVE-2014-3077 is a vulnerability with a CVSS score of 2.1 (LOW). IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by...
How severe is CVE-2014-3077?
CVE-2014-3077 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3077?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Storwize V7000 Unified Software, Ibm Storwize Unified V7000.