Vulnerability Description
IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a direct request to the administrative IP address.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | SAN Volume Controller Software | 6.1.0.0 |
| IBM | Storwize V3500 | - |
| IBM | Storwize V3700 | - |
| IBM | Storwize V5000 | - |
| IBM | Storwize V7000 | - |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/61075
- http://www.ibm.com/support/docview.wss?uid=ssg1S1004846 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/69771
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95387
FAQ
What is CVE-2014-4811?
CVE-2014-4811 is a vulnerability with a CVSS score of 7.5 (HIGH). IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a dir...
How severe is CVE-2014-4811?
CVE-2014-4811 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-4811?
Check the references section above for vendor advisories and patch information. Affected products include: IBM SAN Volume Controller Software, IBM Storwize V3500, IBM Storwize V3700, IBM Storwize V5000, IBM Storwize V7000.