CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2014-3043
https://notcve.org/view.php?id=CVE-2014-3043
19 Jul 2014 — IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain privileges by leveraging access to the service account. IBM Storwize V7000 Unified 1.3.x y 1.4.x anterior a 1.4.3.3 permite a usuarios remotos autenticados ganar privilegios mediante el aprovechamiento del acceso a la cuenta de servicio. • http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004811 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 16EXPL: 0CVE-2014-0875
https://notcve.org/view.php?id=CVE-2014-0875
07 Jul 2014 — Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions. Active Cloud Engine (ACE) en IBM Storwize V7000 Unified 1.3.0.0 hasta 1.4.3.x permite a atacantes remotos evadir las restricciones ACL en circunstancias oportunistas mediante el aprovechamiento de la sincronización ACL incorrecta so... • http://www.ibm.com/support/docview.wss?uid=ssg1S1004738 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2013-6737
https://notcve.org/view.php?id=CVE-2013-6737
21 Jun 2014 — IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticated users to obtain sensitive customer-data fragments by reading this file after it is copied. IBM System Storage Storwize V7000 Unified 1.3.x y 1.4.x anterior a 1.4.3.0 no restringe debidamente el contenido de un fichero de volcado cuando encuentra un fallo de hardware 1691, lo que permite a usuarios remotos aut... • http://www.ibm.com/support/docview.wss?uid=ssg1S1004676 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 143EXPL: 0CVE-2014-0880
https://notcve.org/view.php?id=CVE-2014-0880
29 Mar 2014 — IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI access, and consequently cause a denial of service, via unspecified traffic to the administrative IP address. IBM SAN Volume Controller; Storwize V3500, V3700, V5000 y V7000; y Flex System V7000 con software 6.3 y 6.4 anterior a 6.4.1.8 y 7.1 y 7.2 anterior a 7.2.0.3, permite a atacantes remotos obtener acceso... • http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004570 •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2013-5376
https://notcve.org/view.php?id=CVE-2013-5376
17 Oct 2013 — Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" attack against an administrative user. Vulnerabilidad XSS en IBM Storwize V7000 Unified 1.3.x y 1.4.x anterior a la versión 1.4.2.0 permite a usuarios remotos sin autenticar inyectar script web arbitrario o HTML a través de vectores sin especificar, relacionados con un ataqu... • http://www.ibm.com/support/docview.wss?uid=ssg1S1004452 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2013-0500
https://notcve.org/view.php?id=CVE-2013-0500
17 Oct 2013 — IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation. IBM Storwize V7000 Unificado 1.3.xy 1.4.x con versiones anteriores a la 1.4.2.0 no trata correctamente los archivos del dispositivo que s... • http://www.ibm.com/support/docview.wss?uid=ssg1S1004430 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2012-6354
https://notcve.org/view.php?id=CVE-2012-6354
19 Feb 2013 — The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets. La interfaz de gestión en el controlador de volumen SAN IBM Storwize V7000 v6.x antes de v6.4.1.3 permite a atacantes remotos evitar la autenticación y obtener acceso de superusuario a través de paquetes IP. • http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004277 • CWE-287: Improper Authentication •