CVE-2014-4811

IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a direct request to the administrative IP address.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ibmsan_volume_controller_software
6.1.0.0
ibmsan_volume_controller_software
6.1.0.1
ibmsan_volume_controller_software
6.1.0.2
ibmsan_volume_controller_software
6.1.0.3
ibmsan_volume_controller_software
6.1.0.4
ibmsan_volume_controller_software
6.1.0.5
ibmsan_volume_controller_software
6.1.0.6
ibmsan_volume_controller_software
6.1.0.7
ibmsan_volume_controller_software
6.1.0.8
ibmsan_volume_controller_software
6.1.0.9
ibmsan_volume_controller_software
6.1.0.10
ibmsan_volume_controller_software
6.2.0.0
ibmsan_volume_controller_software
6.2.0.1
ibmsan_volume_controller_software
6.2.0.2
ibmsan_volume_controller_software
6.2.0.3
ibmsan_volume_controller_software
6.2.0.4
ibmsan_volume_controller_software
6.2.0.5
ibmsan_volume_controller_software
6.2.0.6
ibmsan_volume_controller_software
6.3.0.0
ibmsan_volume_controller_software
6.3.0.1
ibmsan_volume_controller_software
6.3.0.2
ibmsan_volume_controller_software
6.3.0.3
ibmsan_volume_controller_software
6.3.0.4
ibmsan_volume_controller_software
6.3.0.5
ibmsan_volume_controller_software
6.3.0.6
ibmsan_volume_controller_software
6.3.0.7
ibmsan_volume_controller_software
6.4.0.0
ibmsan_volume_controller_software
6.4.0.1
ibmsan_volume_controller_software
6.4.0.2
ibmsan_volume_controller_software
6.4.0.3
ibmsan_volume_controller_software
6.4.0.4
ibmsan_volume_controller_software
6.4.1.1
ibmsan_volume_controller_software
6.4.1.2
ibmsan_volume_controller_software
6.4.1.3
ibmsan_volume_controller_software
6.4.1.4
ibmsan_volume_controller_software
6.4.1.5
ibmsan_volume_controller_software
6.4.1.6
ibmsan_volume_controller_software
6.4.1.7
ibmsan_volume_controller_software
6.4.1.8
ibmsan_volume_controller_software
7.1.0.0
ibmsan_volume_controller_software
7.1.0.1
ibmsan_volume_controller_software
7.1.0.2
ibmsan_volume_controller_software
7.1.0.3
ibmsan_volume_controller_software
7.1.0.5
ibmsan_volume_controller_software
7.1.0.6
ibmsan_volume_controller_software
7.1.0.7
ibmsan_volume_controller_software
7.2.0.0
ibmsan_volume_controller_software
7.2.0.1
ibmsan_volume_controller_software
7.2.0.2
ibmsan_volume_controller_software
7.2.0.3
ibmsan_volume_controller_software
7.2.0.4
ibmsan_volume_controller_software
7.2.0.5
ibmsan_volume_controller_software
7.2.0.6
ibmsan_volume_controller_software
7.2.0.7
ibmstorwize_v3500
-
ibmstorwize_v3700
-
ibmstorwize_v5000
-
ibmstorwize_v7000
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/61075
http://www.ibm.com/support/docview.wss?uid=ssg1S1004846
http://www.securityfocus.com/bid/69771
https://exchange.xforce.ibmcloud.com/vulnerabilities/95387
http://secunia.com/advisories/61075
http://www.ibm.com/support/docview.wss?uid=ssg1S1004846
http://www.securityfocus.com/bid/69771
https://exchange.xforce.ibmcloud.com/vulnerabilities/95387