CVE-2014-0875

EUVD-2014-0905
Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
ibmstorwize_unified_v7000_software
1.3.0.0
ibmstorwize_unified_v7000_software
1.3.1.0
ibmstorwize_unified_v7000_software
1.4.0.0
ibmstorwize_unified_v7000_software
1.4.0.1
ibmstorwize_unified_v7000_software
1.4.0.2
ibmstorwize_unified_v7000_software
1.4.0.3
ibmstorwize_unified_v7000_software
1.4.0.4
ibmstorwize_unified_v7000_software
1.4.0.5
ibmstorwize_unified_v7000_software
1.4.1.0
ibmstorwize_unified_v7000_software
1.4.1.1
ibmstorwize_unified_v7000_software
1.4.2.0
ibmstorwize_unified_v7000_software
1.4.2.1
ibmstorwize_unified_v7000_software
1.4.3.0
ibmstorwize_unified_v7000_software
1.4.3.1
ibmstorwize_unified_v7000_software
1.4.3.2
ibmstorwize_unified_v7000
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=ssg1S1004738
http://www.securityfocus.com/bid/68398
http://www.ibm.com/support/docview.wss?uid=ssg1S1004738
http://www.securityfocus.com/bid/68398