All the vulnerabilites related to IBM - Storwize V7000
var-201711-0922
Vulnerability from variot

A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531. IBM Storwize V7000 Contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability IBM X-Force ID: 134531 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple IBM Products are prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges and perform unauthorized actions. IBM Storwize V7000, Storwize V5000 and FlashSystem V9000 are all products of IBM Corporation in the United States. Both IBM Storwize V7000 and Storwize V5000 are virtualized storage systems. FlashSystem V9000 is an all-flash enterprise storage solution. Service Assistant GUI is one of the graphical user interfaces. The following products and versions are affected: IBM SAN Volume Controller version 8.1.0.0; IBM Storwize V7000 version 8.1.0.0; IBM Storwize V5000 version 8.1.0.0; IBM FlashSystem V9000 version 8.1.0.0

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0922",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "storwize v5000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "storwize v7000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "flashsystem v9000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "flashsystem v9000",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "san volume controller software",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storwize v5000 software",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storwize v7000 software",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70008.1.0.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50008.1.0.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "flashsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v90008.1.0.0"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70008.1.0.1"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50008.1.0.1"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.1"
      },
      {
        "model": "flashsystem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v90008.1.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "101770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010228"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-321"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:storwize_v7000_firmware:8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:storwize_v5000_firmware:8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_v9000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:san_volume_controller_firmware:8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-1710"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM.",
    "sources": [
      {
        "db": "BID",
        "id": "101770"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-321"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-1710",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-1710",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-108088",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-1710",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-1710",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201711-321",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-108088",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010228"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-321"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531. IBM Storwize V7000 Contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability IBM X-Force ID: 134531 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple IBM Products are prone to a remote privilege-escalation vulnerability. \nAn attacker can exploit this issue to gain elevated privileges and perform unauthorized actions. IBM Storwize V7000, Storwize V5000 and FlashSystem V9000 are all products of IBM Corporation in the United States. Both IBM Storwize V7000 and Storwize V5000 are virtualized storage systems. FlashSystem V9000 is an all-flash enterprise storage solution. Service Assistant GUI is one of the graphical user interfaces. The following products and versions are affected: IBM SAN Volume Controller version 8.1.0.0; IBM Storwize V7000 version 8.1.0.0; IBM Storwize V5000 version 8.1.0.0; IBM FlashSystem V9000 version 8.1.0.0",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-1710"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010228"
      },
      {
        "db": "BID",
        "id": "101770"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108088"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-1710",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "101770",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1039776",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010228",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-321",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-108088",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108088"
      },
      {
        "db": "BID",
        "id": "101770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010228"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-321"
      }
    ]
  },
  "id": "VAR-201711-0922",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108088"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:14:05.857000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "S1010788",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1010788"
      },
      {
        "title": "Multiple IBM product Service Assistant GUI Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76218"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-321"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010228"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1710"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/101770"
      },
      {
        "trust": 1.7,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1010788"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134531"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1039776"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1710"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1710"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1010788"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108088"
      },
      {
        "db": "BID",
        "id": "101770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010228"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-321"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-108088"
      },
      {
        "db": "BID",
        "id": "101770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010228"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-321"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108088"
      },
      {
        "date": "2017-11-08T00:00:00",
        "db": "BID",
        "id": "101770"
      },
      {
        "date": "2017-12-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010228"
      },
      {
        "date": "2017-11-13T23:29:00.370000",
        "db": "NVD",
        "id": "CVE-2017-1710"
      },
      {
        "date": "2017-11-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-321"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108088"
      },
      {
        "date": "2017-12-19T22:36:00",
        "db": "BID",
        "id": "101770"
      },
      {
        "date": "2017-12-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010228"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-1710"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-321"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-321"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM Storwize V7000 Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010228"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-321"
      }
    ],
    "trust": 0.6
  }
}

cve-2021-29873
Vulnerability from cvelistv5
Published
2021-10-21 16:40
Modified
2024-09-16 20:17
Summary
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
Impacted products
Vendor Product Version
IBM FlashSystem V9000 Version: 7.8
Version: 8.4
IBM Storwize V3500 Version: 7.8
Version: 8.4
IBM Storwize V5000 Version: 7.8
Version: 8.4
IBM Storwize V5100 Version: 8.4
Version: 7.8
IBM FlashSystem 9100 Family Version: 8.4
Version: 7.8
IBM Storwize V3700 Version: 7.8
Version: 8.4
IBM SAN Volume Controller Version: 7.8
Version: 8.4
IBM Storwize V7000 Version: 8.4
Version: 7.8
IBM Spectrum Virtualize Software Version: 7.8
Version: 8.4
IBM Spectrum Virtualize for Public Cloud Version: 7.8
Version: 8.4
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:18:03.195Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6497111"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6507091"
          },
          {
            "name": "ibm-storwize-cve202129873-priv-escalation (206229)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FlashSystem 900",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "1.6.1.4"
            },
            {
              "status": "affected",
              "version": "1.5.2.10"
            }
          ]
        },
        {
          "product": "FlashSystem V9000",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.8"
            },
            {
              "status": "affected",
              "version": "8.4"
            }
          ]
        },
        {
          "product": "Storwize V3500",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.8"
            },
            {
              "status": "affected",
              "version": "8.4"
            }
          ]
        },
        {
          "product": "Storwize V5000",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.8"
            },
            {
              "status": "affected",
              "version": "8.4"
            }
          ]
        },
        {
          "product": "Storwize V5100",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.4"
            },
            {
              "status": "affected",
              "version": "7.8"
            }
          ]
        },
        {
          "product": "FlashSystem 9100 Family",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.4"
            },
            {
              "status": "affected",
              "version": "7.8"
            }
          ]
        },
        {
          "product": "Storwize V3700",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.8"
            },
            {
              "status": "affected",
              "version": "8.4"
            }
          ]
        },
        {
          "product": "SAN Volume Controller",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.8"
            },
            {
              "status": "affected",
              "version": "8.4"
            }
          ]
        },
        {
          "product": "Storwize V7000",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.4"
            },
            {
              "status": "affected",
              "version": "7.8"
            }
          ]
        },
        {
          "product": "Spectrum Virtualize Software",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.8"
            },
            {
              "status": "affected",
              "version": "8.4"
            }
          ]
        },
        {
          "product": "Spectrum Virtualize for Public Cloud",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.8"
            },
            {
              "status": "affected",
              "version": "8.4"
            }
          ]
        }
      ],
      "datePublic": "2021-10-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:H/AV:N/I:H/PR:L/C:H/S:U/UI:N/AC:L/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-21T16:40:13",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6497111"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6507091"
        },
        {
          "name": "ibm-storwize-cve202129873-priv-escalation (206229)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-10-20T00:00:00",
          "ID": "CVE-2021-29873",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FlashSystem 900",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.6.1.4"
                          },
                          {
                            "version_value": "1.5.2.10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "FlashSystem V9000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.8"
                          },
                          {
                            "version_value": "8.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Storwize V3500",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.8"
                          },
                          {
                            "version_value": "8.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Storwize V5000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.8"
                          },
                          {
                            "version_value": "8.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Storwize V5100",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.4"
                          },
                          {
                            "version_value": "7.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "FlashSystem 9100 Family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.4"
                          },
                          {
                            "version_value": "7.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Storwize V3700",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.8"
                          },
                          {
                            "version_value": "8.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAN Volume Controller",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.8"
                          },
                          {
                            "version_value": "8.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Storwize V7000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.4"
                          },
                          {
                            "version_value": "7.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Spectrum Virtualize Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.8"
                          },
                          {
                            "version_value": "8.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Spectrum Virtualize for Public Cloud",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.8"
                          },
                          {
                            "version_value": "8.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "N",
              "C": "H",
              "I": "H",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6497111",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6497111 (SAN Volume Controller)",
              "url": "https://www.ibm.com/support/pages/node/6497111"
            },
            {
              "name": "https://www.ibm.com/support/pages/node/6507091",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6507091 (FlashSystem 900)",
              "url": "https://www.ibm.com/support/pages/node/6507091"
            },
            {
              "name": "ibm-storwize-cve202129873-priv-escalation (206229)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-29873",
    "datePublished": "2021-10-21T16:40:13.636365Z",
    "dateReserved": "2021-03-31T00:00:00",
    "dateUpdated": "2024-09-16T20:17:23.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}