Vulnerability Details : CVE-2014-0875
Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions.
Exploit prediction scoring system (EPSS) score for CVE-2014-0875
Probability of exploitation activity in the next 30 days: 0.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 35 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-0875
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
3.5
|
LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N |
6.8
|
2.9
|
NIST |
CWE ids for CVE-2014-0875
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0875
-
http://www.ibm.com/support/docview.wss?uid=ssg1S1004738
IBM Security Bulletin: Incorrect access control list (ACL) might occur in case of a network retransmission, when Active Cloud Engine (ACE) is being used on IBM Storwize V7000 Unified system (CVE-2014-Vendor Advisory
-
http://www.securityfocus.com/bid/68398
IBM Storwize V7000 Unified CVE-2014-0875 Unauthorized Access Security Bypass Vulnerability
Products affected by CVE-2014-0875
- cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_unified_v7000_software:1.3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_unified_v7000_software:1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.3.2:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:storwize_unified_v7000:-:*:*:*:*:*:*:*