Vulnerability in Ibm Pureapplication_system

CVE-2014-0960

IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine.

EPSS: 0.001 (31.6th percentile) — read the EPSS interpretation.

Affected products

Ibm Pureapplication_system — versions 1.0.0.0, 1.0.0.1, 1.0.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
ibm-pure-cve20140960-sec-bypass(92743) (vdb-entry, x_refsource_XF)
59254 (x_refsource_SECUNIA, third-party-advisory)