CVE-2014-4811

critical

Description

IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a direct request to the administrative IP address.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/95387

http://www.securityfocus.com/bid/69771

http://www.ibm.com/support/docview.wss?uid=ssg1S1004846

http://secunia.com/advisories/61075

Details

Source: Mitre, NVD

Published: 2014-09-12

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical