Vulnerabilites related to IBM - Storwize V3700
CVE-2018-1464 (GCVE-0-2018-1464)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 20:17
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140395 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Storwize V5000 |
Version: 7.1 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.245Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181464-info-disc(140395)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181464-info-disc(140395)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1464", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181464-info-disc(140395)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1464", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T20:17:34.402Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1462 (GCVE-0-2018-1462)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-17 01:51
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140363 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Storwize V3700 |
Version: 7.1 Version: 6.4 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.134Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181462-dos(140363)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140363", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181462-dos(140363)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140363", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1462", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181462-dos(140363)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140363", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1462", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T01:51:33.890Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-29873 (GCVE-0-2021-29873)
Vulnerability from cvelistv5
Published
2021-10-21 16:40
Modified
2024-09-16 20:17
Severity ?
EPSS score ?
Summary
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6497111 | x_refsource_CONFIRM | |
| https://www.ibm.com/support/pages/node/6507091 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/206229 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | FlashSystem 900 |
Version: 1.6.1.4 Version: 1.5.2.10 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:18:03.195Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6497111", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6507091", }, { name: "ibm-storwize-cve202129873-priv-escalation (206229)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "FlashSystem 900", vendor: "IBM", versions: [ { status: "affected", version: "1.6.1.4", }, { status: "affected", version: "1.5.2.10", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "Storwize V5100", vendor: "IBM", versions: [ { status: "affected", version: "8.4", }, { status: "affected", version: "7.8", }, ], }, { product: "FlashSystem 9100 Family", vendor: "IBM", versions: [ { status: "affected", version: "8.4", }, { status: "affected", version: "7.8", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "Storwize V7000", vendor: "IBM", versions: [ { status: "affected", version: "8.4", }, { status: "affected", version: "7.8", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, ], datePublic: "2021-10-20T00:00:00", descriptions: [ { lang: "en", value: "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 7.7, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AV:N/I:H/PR:L/C:H/S:U/UI:N/AC:L/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-21T16:40:13", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6497111", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6507091", }, { name: "ibm-storwize-cve202129873-priv-escalation (206229)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-10-20T00:00:00", ID: "CVE-2021-29873", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "FlashSystem 900", version: { version_data: [ { version_value: "1.6.1.4", }, { version_value: "1.5.2.10", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "Storwize V5100", version: { version_data: [ { version_value: "8.4", }, { version_value: "7.8", }, ], }, }, { product_name: "FlashSystem 9100 Family", version: { version_data: [ { version_value: "8.4", }, { version_value: "7.8", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "Storwize V7000", version: { version_data: [ { version_value: "8.4", }, { version_value: "7.8", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "N", C: "H", I: "H", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6497111", refsource: "CONFIRM", title: "IBM Security Bulletin 6497111 (SAN Volume Controller)", url: "https://www.ibm.com/support/pages/node/6497111", }, { name: "https://www.ibm.com/support/pages/node/6507091", refsource: "CONFIRM", title: "IBM Security Bulletin 6507091 (FlashSystem 900)", url: "https://www.ibm.com/support/pages/node/6507091", }, { name: "ibm-storwize-cve202129873-priv-escalation (206229)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-29873", datePublished: "2021-10-21T16:40:13.636365Z", dateReserved: "2021-03-31T00:00:00", dateUpdated: "2024-09-16T20:17:23.473Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1463 (GCVE-0-2018-1463)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 16:52
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140368 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Storwize V5000 |
Version: 7.1 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.232Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181463-info-disc(140368)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140368", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181463-info-disc(140368)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140368", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1463", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181463-info-disc(140368)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140368", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1463", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T16:52:50.494Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1434 (GCVE-0-2018-1434)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-17 02:11
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/139474 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | FlashSystem V9000 |
Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.1 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.064Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "ibm-storwize-cve20181434-csrf(139474)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.", }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "ibm-storwize-cve20181434-csrf(139474)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1434", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "ibm-storwize-cve20181434-csrf(139474)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1434", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T02:11:40.577Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1466 (GCVE-0-2018-1466)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 17:03
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140397 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | SAN Volume Controller |
Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.1 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.128Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181466-info-disc(140397)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140397", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181466-info-disc(140397)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140397", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1466", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181466-info-disc(140397)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140397", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1466", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T17:03:03.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1461 (GCVE-0-2018-1461)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 20:27
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140362 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Spectrum Virtualize Software |
Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.1 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.050Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181461-xss(140362)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140362", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181461-xss(140362)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140362", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1461", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181461-xss(140362)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140362", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1461", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T20:27:43.382Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1465 (GCVE-0-2018-1465)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 18:14
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140396 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Storwize V3500 |
Version: 6.4 Version: 7.1 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.071Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181465-info-disc(140396)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140396", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181465-info-disc(140396)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140396", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1465", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181465-info-disc(140396)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140396", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1465", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T18:14:09.942Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }