A fix is available for IBM SONAS for a security issue in which unauthorized privileges can be obtained from the IBM service account.
CVEID:
CVE-2014-3043
DESCRIPTION:
The IBM SONAS service account can be used to obtain unauthorized privileges on an IBM SONAS system.
The service account is normally used for carrying out regular service functions in IBM SONAS, such as initiating a disk discovery process, including disks, applying software, setting the locale, adding or removing a node, changing an error state, setting an event, and writing a serial number.
CVE-2014-3043
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/93339 for the current score
IBM SONAS
The product is affected when running code releases 1.3.0.0 to 1.4.3.2.
A fix for these issues is in version 1.4.3.3 of IBM SONAS.
Workaround(s): None
Mitigation(s): A fix for these issues is in version 1.4.3.3 of IBM SONAS. Customers running an affected version of IBM SONAS should upgrade to 1.4.3.3 or a later version so that the fix is applied.