All the vulnerabilites related to IBM - FlashSystem 9100 Family
cve-2018-1775
Vulnerability from cvelistv5
Published
2019-02-27 22:00
Modified
2024-09-16 18:43
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.
Impacted products
Vendor Product Version
IBM torwize V3500 Version: 7.5
Version: 8.2
IBM torwize V3700 Version: 7.5
Version: 8.2
IBM Spectrum Virtualize for Public Cloud Version: 7.5
Version: 8.2
IBM Spectrum Virtualize Software Version: 7.5
Version: 8.2
IBM SAN Volume Controller Version: 7.5
Version: 8.2
IBM FlashSystem V9000 Version: 7.5
Version: 8.2
IBM torwize V5000 Version: 7.5
Version: 8.2
IBM FlashSystem 9100 Family Version: 7.5
Version: 8.2
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107187",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107187"
          },
          {
            "name": "ibm-storwize-cve20181775-file-download(148757)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "torwize V7000",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        },
        {
          "product": "torwize V3500",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        },
        {
          "product": "torwize V3700",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        },
        {
          "product": "Spectrum Virtualize for Public Cloud",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        },
        {
          "product": "Spectrum Virtualize Software",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        },
        {
          "product": "SAN Volume Controller",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        },
        {
          "product": "FlashSystem V9000",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        },
        {
          "product": "torwize V5000",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        },
        {
          "product": "FlashSystem 9100 Family",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        }
      ],
      "datePublic": "2019-02-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "TEMPORARY_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:T",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-01T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "107187",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107187"
        },
        {
          "name": "ibm-storwize-cve20181775-file-download(148757)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-02-25T00:00:00",
          "ID": "CVE-2018-1775",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "torwize V7000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "torwize V3500",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "torwize V3700",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Spectrum Virtualize for Public Cloud",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Spectrum Virtualize Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAN Volume Controller",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "FlashSystem V9000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "torwize V5000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "FlashSystem 9100 Family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "T"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "107187",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107187"
            },
            {
              "name": "ibm-storwize-cve20181775-file-download(148757)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10872486",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1775",
    "datePublished": "2019-02-27T22:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T18:43:43.401Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-29873
Vulnerability from cvelistv5
Published
2021-10-21 16:40
Modified
2024-09-16 20:17
Summary
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
Impacted products
Vendor Product Version
IBM FlashSystem V9000 Version: 7.8
Version: 8.4
IBM Storwize V3500 Version: 7.8
Version: 8.4
IBM Storwize V5000 Version: 7.8
Version: 8.4
IBM Storwize V5100 Version: 8.4
Version: 7.8
IBM FlashSystem 9100 Family Version: 8.4
Version: 7.8
IBM Storwize V3700 Version: 7.8
Version: 8.4
IBM SAN Volume Controller Version: 7.8
Version: 8.4
IBM Storwize V7000 Version: 8.4
Version: 7.8
IBM Spectrum Virtualize Software Version: 7.8
Version: 8.4
IBM Spectrum Virtualize for Public Cloud Version: 7.8
Version: 8.4
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:18:03.195Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6497111"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6507091"
          },
          {
            "name": "ibm-storwize-cve202129873-priv-escalation (206229)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FlashSystem 900",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "1.6.1.4"
            },
            {
              "status": "affected",
              "version": "1.5.2.10"
            }
          ]
        },
        {
          "product": "FlashSystem V9000",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.8"
            },
            {
              "status": "affected",
              "version": "8.4"
            }
          ]
        },
        {
          "product": "Storwize V3500",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.8"
            },
            {
              "status": "affected",
              "version": "8.4"
            }
          ]
        },
        {
          "product": "Storwize V5000",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.8"
            },
            {
              "status": "affected",
              "version": "8.4"
            }
          ]
        },
        {
          "product": "Storwize V5100",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.4"
            },
            {
              "status": "affected",
              "version": "7.8"
            }
          ]
        },
        {
          "product": "FlashSystem 9100 Family",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.4"
            },
            {
              "status": "affected",
              "version": "7.8"
            }
          ]
        },
        {
          "product": "Storwize V3700",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.8"
            },
            {
              "status": "affected",
              "version": "8.4"
            }
          ]
        },
        {
          "product": "SAN Volume Controller",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.8"
            },
            {
              "status": "affected",
              "version": "8.4"
            }
          ]
        },
        {
          "product": "Storwize V7000",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.4"
            },
            {
              "status": "affected",
              "version": "7.8"
            }
          ]
        },
        {
          "product": "Spectrum Virtualize Software",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.8"
            },
            {
              "status": "affected",
              "version": "8.4"
            }
          ]
        },
        {
          "product": "Spectrum Virtualize for Public Cloud",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.8"
            },
            {
              "status": "affected",
              "version": "8.4"
            }
          ]
        }
      ],
      "datePublic": "2021-10-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:H/AV:N/I:H/PR:L/C:H/S:U/UI:N/AC:L/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-21T16:40:13",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6497111"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6507091"
        },
        {
          "name": "ibm-storwize-cve202129873-priv-escalation (206229)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-10-20T00:00:00",
          "ID": "CVE-2021-29873",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FlashSystem 900",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.6.1.4"
                          },
                          {
                            "version_value": "1.5.2.10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "FlashSystem V9000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.8"
                          },
                          {
                            "version_value": "8.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Storwize V3500",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.8"
                          },
                          {
                            "version_value": "8.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Storwize V5000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.8"
                          },
                          {
                            "version_value": "8.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Storwize V5100",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.4"
                          },
                          {
                            "version_value": "7.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "FlashSystem 9100 Family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.4"
                          },
                          {
                            "version_value": "7.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Storwize V3700",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.8"
                          },
                          {
                            "version_value": "8.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAN Volume Controller",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.8"
                          },
                          {
                            "version_value": "8.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Storwize V7000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.4"
                          },
                          {
                            "version_value": "7.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Spectrum Virtualize Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.8"
                          },
                          {
                            "version_value": "8.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Spectrum Virtualize for Public Cloud",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.8"
                          },
                          {
                            "version_value": "8.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "N",
              "C": "H",
              "I": "H",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6497111",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6497111 (SAN Volume Controller)",
              "url": "https://www.ibm.com/support/pages/node/6497111"
            },
            {
              "name": "https://www.ibm.com/support/pages/node/6507091",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6507091 (FlashSystem 900)",
              "url": "https://www.ibm.com/support/pages/node/6507091"
            },
            {
              "name": "ibm-storwize-cve202129873-priv-escalation (206229)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-29873",
    "datePublished": "2021-10-21T16:40:13.636365Z",
    "dateReserved": "2021-03-31T00:00:00",
    "dateUpdated": "2024-09-16T20:17:23.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}