CVE-2014-3077

IBM Storwize V7000 Unified 1.3.x-1.4.3.3 - Exposure of Sensitive Information in Audit Log

Title source: llm
STIX 2.1

Description

IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/93906

Scores

EPSS 0.0031
EPSS Percentile 23.1%

Details

CWE
CWE-200
Status published
Products (11)
ibm/storwize_unified_v7000
ibm/storwize_v7000_unified_software 1.3.0.0
ibm/storwize_v7000_unified_software 1.3.2.0
ibm/storwize_v7000_unified_software 1.3.2.3
ibm/storwize_v7000_unified_software 1.4.0.0
ibm/storwize_v7000_unified_software 1.4.0.4
ibm/storwize_v7000_unified_software 1.4.1.0
ibm/storwize_v7000_unified_software 1.4.1.1
ibm/storwize_v7000_unified_software 1.4.2.0
ibm/storwize_v7000_unified_software 1.4.3.0
... and 1 more
Published Sep 15, 2014
Tracked Since Feb 18, 2026