Security Bulletin
Summary
Incorrect access control list (ACL) might occur in case of a network retransmission, when Active Cloud Engine (ACE) is being used.
Vulnerability Details
CVEID: CVE-2014-0875
DESCRIPTION:
Active Cloud Engine (ACE) component of IBM V7000 Unified uses NFS client operations for data transmission. ACE is used for caching data at remote locations and providing access to data at remote sites as if it is available locally. Where NFS packet re-transmissions occur in response to a noisy or slow responding network, a rare condition can result in an incorrect access control list (ACL) on a file or directory. This could further lead to an unauthorized user having access to that file or directory. The exposure occurs when the ACL is being managed with ACE in IBM Storwize V7000 Unified release versions 1.3 and 1.4.
CVSS Base Score: 3.5
Affected Products and Versions
IBM Storwize V7000 Unified V1.3.0.0 to V1.4.3.X
Remediation/Fixes
A fix for this issue is in version 1.5.0.0 of IBM Storwize V7000 Unified system. Customers running the affected version of V7000 Unified should upgrade to 1.5.0.0 or a later version, so that the fix gets applied.
Workarounds and Mitigations
Workaround(s) : None.
Get Notified about Future Security Bulletins
References
Acknowledgement
None
Change History
02 July 2014 : First Draft
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
ssg1S1004738