Unrated severityNVD Advisory· Published Sep 15, 2014· Updated May 6, 2026

CVE-2014-3077

Description

IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Affected products

IBM/Storwize Unified V7000 Software10 versions
cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.0.0:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.3.3:*:*:*:*:*:*:*
IBM/Storwize Unified V7000
cpe:2.3:h:ibm:storwize_unified_v7000:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www-01.ibm.com/support/docview.wssnvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/93906nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000