CVE-2014-0875
https://notcve.org/view.php?id=CVE-2014-0875
Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions. Active Cloud Engine (ACE) en IBM Storwize V7000 Unified 1.3.0.0 hasta 1.4.3.x permite a atacantes remotos evadir las restricciones ACL en circunstancias oportunistas mediante el aprovechamiento de la sincronización ACL incorrecta sobre una conexión NFS no fiable que requiere retransmisiones. • http://www.ibm.com/support/docview.wss?uid=ssg1S1004738 http://www.securityfocus.com/bid/68398 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-6737
https://notcve.org/view.php?id=CVE-2013-6737
IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticated users to obtain sensitive customer-data fragments by reading this file after it is copied. IBM System Storage Storwize V7000 Unified 1.3.x y 1.4.x anterior a 1.4.3.0 no restringe debidamente el contenido de un fichero de volcado cuando encuentra un fallo de hardware 1691, lo que permite a usuarios remotos autenticados obtener información sensible de fragmentos de datos de clientes mediante la lectura este fichero después de que esté copiado. • http://www.ibm.com/support/docview.wss?uid=ssg1S1004676 http://www.securityfocus.com/bid/68133 https://exchange.xforce.ibmcloud.com/vulnerabilities/89782 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-5376
https://notcve.org/view.php?id=CVE-2013-5376
Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" attack against an administrative user. Vulnerabilidad XSS en IBM Storwize V7000 Unified 1.3.x y 1.4.x anterior a la versión 1.4.2.0 permite a usuarios remotos sin autenticar inyectar script web arbitrario o HTML a través de vectores sin especificar, relacionados con un ataque "cross frame scripting" contra un usuario administrativo. • http://www.ibm.com/support/docview.wss?uid=ssg1S1004452 https://exchange.xforce.ibmcloud.com/vulnerabilities/86902 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-0500
https://notcve.org/view.php?id=CVE-2013-0500
IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation. IBM Storwize V7000 Unificado 1.3.xy 1.4.x con versiones anteriores a la 1.4.2.0 no trata correctamente los archivos del dispositivo que se crean con el protocolo NFS pero accesible con un protocolo no NFS, lo que permite a los usuarios autenticados remotos obtener información sensible, modificar programas o archivos, o causar una denegación de servicio (caída del aparato) a través de un (1) CIFS, (2) HTTPS, (3) SCP, o (4) la operación SFTP. • http://www.ibm.com/support/docview.wss?uid=ssg1S1004430 https://exchange.xforce.ibmcloud.com/vulnerabilities/84839 • CWE-20: Improper Input Validation •