Vulnerabilites related to IBM - Spectrum Virtualize for Public Cloud
cve-2018-1464
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 20:17
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140395 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Storwize V5000 |
Version: 7.1 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.245Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181464-info-disc(140395)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181464-info-disc(140395)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1464", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181464-info-disc(140395)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1464", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T20:17:34.402Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1462
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-17 01:51
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140363 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Storwize V3700 |
Version: 7.1 Version: 6.4 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.134Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181462-dos(140363)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140363", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181462-dos(140363)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140363", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1462", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181462-dos(140363)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140363", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1462", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T01:51:33.890Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1466
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 17:03
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140397 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | SAN Volume Controller |
Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.1 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.128Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181466-info-disc(140397)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140397", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181466-info-disc(140397)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140397", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1466", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181466-info-disc(140397)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140397", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1466", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T17:03:03.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1775
Vulnerability from cvelistv5
Published
2019-02-27 22:00
Modified
2024-09-16 18:43
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/107187 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/148757 | vdb-entry, x_refsource_XF | |
| https://www.ibm.com/support/docview.wss?uid=ibm10872486 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | torwize V7000 |
Version: 7.5 Version: 8.2 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:07:44.355Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "107187", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107187", }, { name: "ibm-storwize-cve20181775-file-download(148757)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10872486", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "torwize V7000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "8.2", }, ], }, { product: "torwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "8.2", }, ], }, { product: "torwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "8.2", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "8.2", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "8.2", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "8.2", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "8.2", }, ], }, { product: "torwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "8.2", }, ], }, { product: "FlashSystem 9100 Family", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "8.2", }, ], }, ], datePublic: "2019-02-25T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "TEMPORARY_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.7, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:T", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-01T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "107187", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107187", }, { name: "ibm-storwize-cve20181775-file-download(148757)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10872486", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-02-25T00:00:00", ID: "CVE-2018-1775", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "torwize V7000", version: { version_data: [ { version_value: "7.5", }, { version_value: "8.2", }, ], }, }, { product_name: "torwize V3500", version: { version_data: [ { version_value: "7.5", }, { version_value: "8.2", }, ], }, }, { product_name: "torwize V3700", version: { version_data: [ { version_value: "7.5", }, { version_value: "8.2", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "8.2", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "8.2", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "7.5", }, { version_value: "8.2", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "8.2", }, ], }, }, { product_name: "torwize V5000", version: { version_data: [ { version_value: "7.5", }, { version_value: "8.2", }, ], }, }, { product_name: "FlashSystem 9100 Family", version: { version_data: [ { version_value: "7.5", }, { version_value: "8.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "H", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "T", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "107187", refsource: "BID", url: "http://www.securityfocus.com/bid/107187", }, { name: "ibm-storwize-cve20181775-file-download(148757)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757", }, { name: "https://www.ibm.com/support/docview.wss?uid=ibm10872486", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=ibm10872486", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1775", datePublished: "2019-02-27T22:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T18:43:43.401Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1465
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 18:14
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140396 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Storwize V3500 |
Version: 6.4 Version: 7.1 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.071Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181465-info-disc(140396)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140396", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181465-info-disc(140396)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140396", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1465", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181465-info-disc(140396)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140396", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1465", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T18:14:09.942Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1463
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 16:52
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140368 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Storwize V5000 |
Version: 7.1 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.232Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181463-info-disc(140368)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140368", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181463-info-disc(140368)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140368", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1463", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181463-info-disc(140368)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140368", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1463", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T16:52:50.494Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1461
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 20:27
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140362 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Spectrum Virtualize Software |
Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.1 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.050Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181461-xss(140362)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140362", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181461-xss(140362)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140362", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1461", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181461-xss(140362)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140362", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1461", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T20:27:43.382Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29873
Vulnerability from cvelistv5
Published
2021-10-21 16:40
Modified
2024-09-16 20:17
Severity ?
EPSS score ?
Summary
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6497111 | x_refsource_CONFIRM | |
| https://www.ibm.com/support/pages/node/6507091 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/206229 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | FlashSystem 900 |
Version: 1.6.1.4 Version: 1.5.2.10 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:18:03.195Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6497111", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6507091", }, { name: "ibm-storwize-cve202129873-priv-escalation (206229)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "FlashSystem 900", vendor: "IBM", versions: [ { status: "affected", version: "1.6.1.4", }, { status: "affected", version: "1.5.2.10", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "Storwize V5100", vendor: "IBM", versions: [ { status: "affected", version: "8.4", }, { status: "affected", version: "7.8", }, ], }, { product: "FlashSystem 9100 Family", vendor: "IBM", versions: [ { status: "affected", version: "8.4", }, { status: "affected", version: "7.8", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "Storwize V7000", vendor: "IBM", versions: [ { status: "affected", version: "8.4", }, { status: "affected", version: "7.8", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, ], datePublic: "2021-10-20T00:00:00", descriptions: [ { lang: "en", value: "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 7.7, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AV:N/I:H/PR:L/C:H/S:U/UI:N/AC:L/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-21T16:40:13", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6497111", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6507091", }, { name: "ibm-storwize-cve202129873-priv-escalation (206229)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-10-20T00:00:00", ID: "CVE-2021-29873", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "FlashSystem 900", version: { version_data: [ { version_value: "1.6.1.4", }, { version_value: "1.5.2.10", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "Storwize V5100", version: { version_data: [ { version_value: "8.4", }, { version_value: "7.8", }, ], }, }, { product_name: "FlashSystem 9100 Family", version: { version_data: [ { version_value: "8.4", }, { version_value: "7.8", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "Storwize V7000", version: { version_data: [ { version_value: "8.4", }, { version_value: "7.8", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "N", C: "H", I: "H", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6497111", refsource: "CONFIRM", title: "IBM Security Bulletin 6497111 (SAN Volume Controller)", url: "https://www.ibm.com/support/pages/node/6497111", }, { name: "https://www.ibm.com/support/pages/node/6507091", refsource: "CONFIRM", title: "IBM Security Bulletin 6507091 (FlashSystem 900)", url: "https://www.ibm.com/support/pages/node/6507091", }, { name: "ibm-storwize-cve202129873-priv-escalation (206229)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-29873", datePublished: "2021-10-21T16:40:13.636365Z", dateReserved: "2021-03-31T00:00:00", dateUpdated: "2024-09-16T20:17:23.473Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1434
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-17 02:11
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/139474 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | FlashSystem V9000 |
Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.1 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.064Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "ibm-storwize-cve20181434-csrf(139474)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.", }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "ibm-storwize-cve20181434-csrf(139474)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1434", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "ibm-storwize-cve20181434-csrf(139474)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1434", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T02:11:40.577Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-202110-0579
Vulnerability from variot
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229. IBM Flash System 900 There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 206229 It is published as.Information is obtained and service operation is interrupted (DoS) It may be in a state. The IBM Flash System 900 is a fully optimized all-flash storage array from IBM Corporation of the United States. Used to accelerate business development
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202110-0579", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "san volume controller", scope: "lt", trust: 1, vendor: "ibm", version: "8.4.0.0", }, { model: "spectrum virtualize", scope: "lt", trust: 1, vendor: "ibm", version: "8.4.0.0", }, { model: "storwize v5100 software", scope: "gte", trust: 1, vendor: "ibm", version: "7.8.0.0", }, { model: "storwize v3700 software", scope: "lt", trust: 1, vendor: "ibm", version: "8.4.0.0", }, { model: "storwize v7000 software", scope: "lt", trust: 1, vendor: "ibm", version: "8.4.0.0", }, { model: "spectrum virtualize for public cloud", scope: "lt", trust: 1, vendor: "ibm", version: "8.4.0.0", }, { model: "san volume controller", scope: "gte", trust: 1, vendor: "ibm", version: "7.8.0.0", }, { model: "flashsystem 9100", scope: "lt", trust: 1, vendor: "ibm", version: "8.4.0.0", }, { model: "storwize v7000 software", scope: "gte", trust: 1, vendor: "ibm", version: "7.8.0.0", }, { model: "spectrum virtualize", scope: "gte", trust: 1, vendor: "ibm", version: "7.8.0.0", }, { model: "flashsystem 9000", scope: "lt", trust: 1, vendor: "ibm", version: "8.4.0.0", }, { model: "spectrum virtualize for public cloud", scope: "gte", trust: 1, vendor: "ibm", version: "7.8.0.0", }, { model: "storwize v5000 software", scope: "lt", trust: 1, vendor: "ibm", version: "8.4.0.0", }, { model: "flashsystem 9000", scope: "gte", trust: 1, vendor: "ibm", version: "7.8.0.0", }, { model: "storwize v3700 software", scope: "gte", trust: 1, vendor: "ibm", version: "7.8.0.0", }, { model: "storwize v5000 software", scope: "gte", trust: 1, vendor: "ibm", version: "7.8.0.0", }, { model: "storwize v3500 software", scope: "lt", trust: 1, vendor: "ibm", version: "8.4.0.0", }, { model: "flashsystem 9100", scope: "gte", trust: 1, vendor: "ibm", version: "7.8.0.0", }, { model: "storwize v3500 software", scope: "gte", trust: 1, vendor: "ibm", version: "7.8.0.0", }, { model: "storwize v5100 software", scope: "lt", trust: 1, vendor: "ibm", version: "8.4.0.0", }, { model: "flashsystem v9000", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "storwize v3500 ソフトウェア", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "spectrum virtualize for public cloud", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "storwize v5100 ソフトウェア", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "san volume controller", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "spectrum virtualize software", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "storwize v3700 ソフトウェア", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "storwize v7000 ソフトウェア", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "storwize v5000 ソフトウェア", scope: null, trust: 0.8, vendor: "ibm", version: null, }, { model: "flashsystem v9100", scope: null, trust: 0.8, vendor: "ibm", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-014085", }, { db: "NVD", id: "CVE-2021-29873", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:storwize_v3500_software:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:storwize_v3700_software:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:storwize_v5000_software:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:storwize_v5100_software:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:storwize_v7000_software:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:ibm:flashsystem_9100_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:ibm:flashsystem_9100:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:ibm:flashsystem_9000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:ibm:flashsystem_9000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-29873", }, ], }, cve: "CVE-2021-29873", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 5.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, impactScore: 4.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-29873", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 5.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "VHN-389501", impactScore: 4.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:S/C:P/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.2, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "psirt@us.ibm.com", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.1, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-29873", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-29873", trust: 1.8, value: "HIGH", }, { author: "psirt@us.ibm.com", id: "CVE-2021-29873", trust: 1, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202110-1494", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-389501", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-389501", }, { db: "JVNDB", id: "JVNDB-2021-014085", }, { db: "NVD", id: "CVE-2021-29873", }, { db: "NVD", id: "CVE-2021-29873", }, { db: "CNNVD", id: "CNNVD-202110-1494", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229. IBM Flash System 900 There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 206229 It is published as.Information is obtained and service operation is interrupted (DoS) It may be in a state. The IBM Flash System 900 is a fully optimized all-flash storage array from IBM Corporation of the United States. Used to accelerate business development", sources: [ { db: "NVD", id: "CVE-2021-29873", }, { db: "JVNDB", id: "JVNDB-2021-014085", }, { db: "VULHUB", id: "VHN-389501", }, { db: "VULMON", id: "CVE-2021-29873", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-29873", trust: 3.4, }, { db: "JVNDB", id: "JVNDB-2021-014085", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202110-1494", trust: 0.7, }, { db: "VULHUB", id: "VHN-389501", trust: 0.1, }, { db: "VULMON", id: "CVE-2021-29873", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-389501", }, { db: "VULMON", id: "CVE-2021-29873", }, { db: "JVNDB", id: "JVNDB-2021-014085", }, { db: "NVD", id: "CVE-2021-29873", }, { db: "CNNVD", id: "CNNVD-202110-1494", }, ], }, id: "VAR-202110-0579", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-389501", }, ], trust: 0.01, }, last_update_date: "2023-12-18T12:42:18.121000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "ibm-storwize-cve202129873-priv-escalation (206229)", trust: 0.8, url: "https://www.ibm.com/support/pages/node/6497111", }, { title: "IBM Flash System 900 Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=166664", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-014085", }, { db: "CNNVD", id: "CNNVD-202110-1494", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "Lack of information (CWE-noinfo) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-014085", }, { db: "NVD", id: "CVE-2021-29873", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://www.ibm.com/support/pages/node/6507091", }, { trust: 1.8, url: "https://www.ibm.com/support/pages/node/6497111", }, { trust: 1.8, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-29873", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULHUB", id: "VHN-389501", }, { db: "VULMON", id: "CVE-2021-29873", }, { db: "JVNDB", id: "JVNDB-2021-014085", }, { db: "NVD", id: "CVE-2021-29873", }, { db: "CNNVD", id: "CNNVD-202110-1494", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-389501", }, { db: "VULMON", id: "CVE-2021-29873", }, { db: "JVNDB", id: "JVNDB-2021-014085", }, { db: "NVD", id: "CVE-2021-29873", }, { db: "CNNVD", id: "CNNVD-202110-1494", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-10-21T00:00:00", db: "VULHUB", id: "VHN-389501", }, { date: "2021-10-21T00:00:00", db: "VULMON", id: "CVE-2021-29873", }, { date: "2022-10-04T00:00:00", db: "JVNDB", id: "JVNDB-2021-014085", }, { date: "2021-10-21T17:15:07.800000", db: "NVD", id: "CVE-2021-29873", }, { date: "2021-10-20T00:00:00", db: "CNNVD", id: "CNNVD-202110-1494", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-07-12T00:00:00", db: "VULHUB", id: "VHN-389501", }, { date: "2021-10-21T00:00:00", db: "VULMON", id: "CVE-2021-29873", }, { date: "2022-10-04T08:49:00", db: "JVNDB", id: "JVNDB-2021-014085", }, { date: "2022-07-12T17:42:04.277000", db: "NVD", id: "CVE-2021-29873", }, { date: "2022-07-14T00:00:00", db: "CNNVD", id: "CNNVD-202110-1494", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202110-1494", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM Flash System 900 Vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2021-014085", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202110-1494", }, ], trust: 0.6, }, }