CVE-2013-0500
Last modified
CVE-2013-0500 is a vulnerability of currently unknown severity. IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation.. EPSS estimates a 0.99% chance of exploitation in the next 30 days.
Description
IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Storwize V7000 Unified Software | 1.3.0.0 |
| Ibm | Storwize V7000 Unified Software | 1.3.2.0 |
| Ibm | Storwize V7000 Unified Software | 1.3.2.3 |
| Ibm | Storwize V7000 Unified Software | 1.4.0.0 |
| Ibm | Storwize V7000 Unified Software | 1.4.0.4 |
| Ibm | Storwize V7000 Unified Software | 1.4.1.0 |
| Ibm | Storwize V7000 Unified Software | 1.4.1.1 |
| Ibm | Storwize V7000 Unified | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-0500?
How severe is CVE-2013-0500?
How do I fix CVE-2013-0500?
Are you affected by CVE-2013-0500?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST