VIR Vulnerability Intelligence Relay

CVE-2012-6354

high
Published 2013-02-19 · Modified 2026-04-29
CVSS v3
CVSS v2
7.5
VIR risk
7.5

Description

The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004277

Application impact
VendorProductVersionsFixed
ibmsan_volume_controller_software6.1.0.0
ibmsan_volume_controller_software6.2.0.0
ibmsan_volume_controller_software6.3.0.0
ibmsan_volume_controller_software6.4.0.0

References

CWEs

CWE-287

Verify integrity in audit chain (admin only). AS-IS.