CVE-2013-6737 - OpenCVE

IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticated users to obtain sensitive customer-data fragments by reading this file after it is copied.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Storwize Unified V7000 Storwize Unified V7000 Software

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:storwize_unified_v7000_software:1.3.0.0:::::::*
	cpe:2.3:a:ibm:storwize_unified_v7000_software:1.3.1.0:::::::*
	cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.0:::::::*
	cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.1:::::::*
	cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.2:::::::*
	cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.3:::::::*
	cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.4:::::::*
	cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.5:::::::*
	cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.1.0:::::::*
	cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.1.1:::::::*
	cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.2.0:::::::*
	cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.2.1:::::::*

cpe:2.3:h:ibm:storwize_unified_v7000:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.ibm.com/support/docview.wss?uid=ssg1S1004676
http://www.securityfocus.com/bid/68133
https://exchange.xforce.ibmcloud.com/vulnerabilities/89782

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2014-06-21T15:00:00

Updated: 2024-08-06T17:46:22.891Z

Reserved: 2013-11-08T00:00:00

Link: CVE-2013-6737

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-06-21T15:55:03.540

Modified: 2017-08-29T01:34:00.623

Link: CVE-2013-6737

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-20T00:00:00", "descriptions": [{"lang": "en", "value": "IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticated users to obtain sensitive customer-data fragments by reading this file after it is copied."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ibm-storwize-cve20136737-diagnostic(89782)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89782"}, {"name": "68133", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68133"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004676"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-6737", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticated users to obtain sensitive customer-data fragments by reading this file after it is copied."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ibm-storwize-cve20136737-diagnostic(89782)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89782"}, {"name": "68133", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68133"}, {"name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004676", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004676"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:46:22.891Z"}, "title": "CVE Program Container", "references": [{"name": "ibm-storwize-cve20136737-diagnostic(89782)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89782"}, {"name": "68133", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68133"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004676"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-6737", "datePublished": "2014-06-21T15:00:00", "dateReserved": "2013-11-08T00:00:00", "dateUpdated": "2024-08-06T17:46:22.891Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:storwize_unified_v7000_software:1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4081A9F2-F548-497E-B416-A9FDD793348A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storwize_unified_v7000_software:1.3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9CA982FB-D1DC-463F-8C41-351F0483ECFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A9E3208-9ED0-4D9F-A06A-7A568032251C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FFE8A36E-E2FD-47F7-AA04-9E6651314E9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4BB4EEAC-1451-4819-BF01-4398B328137B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C22A768-16FA-46B4-A1BC-79C6C0329771", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "CE4DF44F-794B-426A-9A2C-AA2BEFF8576C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "3EB7D3C9-A45C-4437-8B47-40DA0502B771", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BAF011E-B681-4043-B90B-2703508CED2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A12F0D1C-0BBD-425E-8110-B93A654A7CD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBA9D506-2F37-403D-8112-5E1D941AB4D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD6D34A9-01C1-4375-99FE-F6950AA05966", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:storwize_unified_v7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "969B07CF-DEB1-4463-B361-D6A49642F75A", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticated users to obtain sensitive customer-data fragments by reading this file after it is copied."}, {"lang": "es", "value": "IBM System Storage Storwize V7000 Unified 1.3.x y 1.4.x anterior a 1.4.3.0 no restringe debidamente el contenido de un fichero de volcado cuando encuentra un fallo de hardware 1691, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible de fragmentos de datos de clientes mediante la lectura este fichero despu\u00e9s de que est\u00e9 copiado."}], "id": "CVE-2013-6737", "lastModified": "2017-08-29T01:34:00.623", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-06-21T15:55:03.540", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004676"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/68133"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89782"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}