CVE-2013-0500 - Vulnerability Details - OpenCVE

IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Multiple

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Storwize V7000 Unified Storwize V7000 Unified Software

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.0.0:::::::*
	cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.2.0:::::::*
	cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.2.3:::::::*
	cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.0.0:::::::*
	cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.0.4:::::::*
	cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.1.0:::::::*
	cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.1.1:::::::*

cpe:2.3:h:ibm:storwize_v7000_unified:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.ibm.com/support/docview.wss?uid=ssg1S1004430
https://exchange.xforce.ibmcloud.com/vulnerabilities/84839

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2013-10-17T00:00:00

Updated: 2024-08-06T14:25:10.380Z

Reserved: 2012-12-16T00:00:00

Link: CVE-2013-0500

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-10-17T00:55:03.243

Modified: 2024-11-21T01:47:41.410

Link: CVE-2013-0500

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-10-15T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004430"}, {"name": "storwize-v7000-cve20130500-crossprotocol(84839)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84839"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-0500", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004430", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004430"}, {"name": "storwize-v7000-cve20130500-crossprotocol(84839)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84839"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:25:10.380Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004430"}, {"name": "storwize-v7000-cve20130500-crossprotocol(84839)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84839"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-0500", "datePublished": "2013-10-17T00:00:00", "dateReserved": "2012-12-16T00:00:00", "dateUpdated": "2024-08-06T14:25:10.380Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2890B04-AB96-4B1F-90B0-3F365FD6EF0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE9CC5C3-AE3E-4A24-B35B-3CD35D6D4414", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "BAEA5EAD-5341-429C-9DD4-DEB311485D68", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F9B4C74-9135-4775-AC09-D79BEFF2BD3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E1420861-4678-4282-BFD7-5933C48269F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "02299B18-7BD4-4F39-A5FA-6FFE92F9A12D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C1FF672-811A-43AF-B7C8-61FF78952B7F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:storwize_v7000_unified:-:*:*:*:*:*:*:*", "matchCriteriaId": "37CA8291-F842-4786-9F4D-9EA60DAFE6CE", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation."}, {"lang": "es", "value": "IBM Storwize V7000 Unificado 1.3.xy 1.4.x con versiones anteriores a la 1.4.2.0 no trata correctamente los archivos del dispositivo que se crean con el protocolo NFS pero accesible con un protocolo no NFS, lo que permite a los usuarios autenticados remotos obtener informaci\u00f3n sensible, modificar programas o archivos, o causar una denegaci\u00f3n de servicio (ca\u00edda del aparato) a trav\u00e9s de un (1) CIFS, (2) HTTPS, (3) SCP, o (4) la operaci\u00f3n SFTP."}], "id": "CVE-2013-0500", "lastModified": "2024-11-21T01:47:41.410", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "PARTIAL", "baseScore": 5.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:M/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-17T00:55:03.243", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004430"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84839"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004430"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84839"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}