CVE-2014-3077
IBM Storwize V7000 Unified 1.3.x-1.4.3.3 - Exposure of Sensitive Information in Audit Log
Title source: llmDescription
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004837
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/93906
Scores
EPSS
0.0031
EPSS Percentile
23.1%
Details
CWE
CWE-200
Status
published
Products (11)
ibm/storwize_unified_v7000
ibm/storwize_v7000_unified_software
1.3.0.0
ibm/storwize_v7000_unified_software
1.3.2.0
ibm/storwize_v7000_unified_software
1.3.2.3
ibm/storwize_v7000_unified_software
1.4.0.0
ibm/storwize_v7000_unified_software
1.4.0.4
ibm/storwize_v7000_unified_software
1.4.1.0
ibm/storwize_v7000_unified_software
1.4.1.1
ibm/storwize_v7000_unified_software
1.4.2.0
ibm/storwize_v7000_unified_software
1.4.3.0
... and 1 more
Published
Sep 15, 2014
Tracked Since
Feb 18, 2026