CVE-2012-6354

Published: Feb 19, 2013Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets.

Affected (5)

Products: Ibm: San Volume Controller Software, Storwize V7000

Ibm

2 products

San Volume Controller Software

Storwize V7000

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ibm San Volume Controller Software	Version 6.1.0.0
Ibm San Volume Controller Software	Version 6.2.0.0
Ibm San Volume Controller Software	Version 6.3.0.0
Ibm San Volume Controller Software	Version 6.4.0.0
Ibm Storwize V7000	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004277

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/80716

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004277

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/80716

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.