Your one-stop web resource providing safety and security information to manufacturers

A warning is going out to owners of IBM’s Storwize arrays, SAN Volume Controller and Flex System V7000, because they could have their contents disappear forever.

“Administrative access to the system via the IP interface may be obtained without authentication,” said the IBM advisory.

RELATED STORIES
Holes in Netgear Devices
Cisco Security Advisories
Hole Found in D-Link Routers
Asus Updates Router Firmware

“The vulnerabilities can be exploited by a user with access to the system’s management IP interface using vulnerabilities in the Apache Struts component,” the advisory said. “If successful, the user can gain access with superuser privilege which will allow any modification to the configuration, including complete deletion.”

The fix is to upgrade Storwize appliances to version 7.1.0.5 of their operating system.

Cyber Security

IBM said the web interface does not face the Internet, so for someone to attack and wipe out data, it has to be an inside job.

Pin It on Pinterest

Share This