CVE-2014-0960

Published Jun 14, 2014

Last updated 7 years ago

Overview

Description: IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine.
Source: psirt@us.ibm.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.6
Impact score: 10
Exploitability score: 2.7
Vector string: AV:L/AC:M/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:pureapplication_system:1.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D7AB60B-E38B-42C7-B785-D9520C1F5564"
          },
          {
            "criteria": "cpe:2.3:a:ibm:pureapplication_system:1.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93F1E692-07AD-4694-A387-A27B35BA3C6E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:pureapplication_system:1.0.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62BDCFEF-A68F-45C3-83BA-A8414456D458"
          },
          {
            "criteria": "cpe:2.3:a:ibm:pureapplication_system:1.0.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A88D35F2-FB42-4DED-B8FA-F0357CA97591"
          },
          {
            "criteria": "cpe:2.3:a:ibm:pureapplication_system:1.0.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCA691EB-FB6D-4CD0-9A4E-588AE9437202"
          },
          {
            "criteria": "cpe:2.3:a:ibm:pureapplication_system:1.1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D657332-C9B9-4E7B-89D9-5AEF3501141A"
          },
          {
            "criteria": "cpe:2.3:a:ibm:pureapplication_system:1.1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E36D4ED9-CFF0-4196-A130-E0C47B69967F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:pureapplication_system:1.1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0886278-57ED-4925-8FE4-B2873F1D9D7B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:pureapplication_system:1.1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95EC7D5B-53FA-463C-AAB9-C4AF7383B5DF"
          },
          {
            "criteria": "cpe:2.3:a:ibm:pureapplication_system:1.1.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A583AB8-CF8F-4376-B72C-DD32F8A2A173"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References