CVE-2013-6737 : IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does no

IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticated users to obtain sensitive customer-data fragments by reading this file after it is copied.

Published 2014-06-21 15:55:04

Updated 2025-04-12 10:46:41

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2013-6737

IBM » Storwize Unified V7000 Software » Version: 1.4.2.1
cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.2.1:*:*:*:*:*:*:*
Matching versions
IBM » Storwize Unified V7000 Software » Version: 1.4.1.0
cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.1.0:*:*:*:*:*:*:*
Matching versions
IBM » Storwize Unified V7000 Software » Version: 1.4.0.5
cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Storwize Unified V7000 Software » Version: 1.3.1.0
cpe:2.3:a:ibm:storwize_unified_v7000_software:1.3.1.0:*:*:*:*:*:*:*
Matching versions
IBM » Storwize Unified V7000 Software » Version: 1.3.0.0
cpe:2.3:a:ibm:storwize_unified_v7000_software:1.3.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Storwize Unified V7000 Software » Version: 1.4.1.1
cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.1.1:*:*:*:*:*:*:*
Matching versions
IBM » Storwize Unified V7000 Software » Version: 1.4.0.2
cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Storwize Unified V7000 Software » Version: 1.4.0.1
cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Storwize Unified V7000 Software » Version: 1.4.0.0
cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Storwize Unified V7000 Software » Version: 1.4.2.0
cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.2.0:*:*:*:*:*:*:*
Matching versions
IBM » Storwize Unified V7000 Software » Version: 1.4.0.4
cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Storwize Unified V7000 Software » Version: 1.4.0.3
cpe:2.3:a:ibm:storwize_unified_v7000_software:1.4.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Storwize Unified V7000 » Version: N/A
cpe:2.3:h:ibm:storwize_unified_v7000:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-6737

EPSS FAQ

0.29%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 49 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-6737

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2013-6737

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-6737

https://exchange.xforce.ibmcloud.com/vulnerabilities/89782

IBM System Storage Storwize information disclosure CVE-2013-6737 Vulnerability Report
http://www.ibm.com/support/docview.wss?uid=ssg1S1004676

IBM Security Bulletin: Hardware failure diagnostic information can include customer data fragments in IBM System Storage Storwize V7000 Unified (CVE-2013-6737)
Vendor Advisory
http://www.securityfocus.com/bid/68133

Multiple IBM Products CVE-2013-6737Unauthorized Access Vulnerability

Jump to

Vulnerability Details : CVE-2013-6737

Products affected by CVE-2013-6737

Exploit prediction scoring system (EPSS) score for CVE-2013-6737

CVSS scores for CVE-2013-6737

CWE ids for CVE-2013-6737

References for CVE-2013-6737