All the vulnerabilites related to ibm - flashsystem_v9000_firmware
cve-2020-4686
Vulnerability from cvelistv5
Published
2020-08-17 12:35
Modified
2024-09-16 16:58
Severity ?
EPSS score ?
Summary
IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6260199 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/186678 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | SAN Volume Controller and Storwize Family |
Version: 8.3.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:58.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6260199"
},
{
"name": "ibm-spectrum-cve20204686-priv-escalation (186678)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186678"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAN Volume Controller and Storwize Family",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.3.1"
}
]
}
],
"datePublic": "2020-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/AV:N/PR:L/UI:N/I:H/S:U/AC:H/A:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-17T12:35:12",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6260199"
},
{
"name": "ibm-spectrum-cve20204686-priv-escalation (186678)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186678"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-08-14T00:00:00",
"ID": "CVE-2020-4686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAN Volume Controller and Storwize Family",
"version": {
"version_data": [
{
"version_value": "8.3.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6260199",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6260199 (SAN Volume Controller and Storwize Family)",
"url": "https://www.ibm.com/support/pages/node/6260199"
},
{
"name": "ibm-spectrum-cve20204686-priv-escalation (186678)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186678"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4686",
"datePublished": "2020-08-17T12:35:12.569271Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T16:58:32.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1710
Vulnerability from cvelistv5
Published
2017-11-13 23:00
Modified
2024-09-17 01:25
Severity ?
EPSS score ?
Summary
A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ssg1S1010788 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039776 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/134531 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/101770 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Storwize V7000 (2076) |
Version: 8.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:31.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1010788"
},
{
"name": "1039776",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039776"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134531"
},
{
"name": "101770",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101770"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Storwize V7000 (2076)",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2017-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-15T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1010788"
},
{
"name": "1039776",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039776"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134531"
},
{
"name": "101770",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101770"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-11-08T00:00:00",
"ID": "CVE-2017-1710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Storwize V7000 (2076)",
"version": {
"version_data": [
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1010788",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1010788"
},
{
"name": "1039776",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039776"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134531",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134531"
},
{
"name": "101770",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101770"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1710",
"datePublished": "2017-11-13T23:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T01:25:35.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7446
Vulnerability from cvelistv5
Published
2016-03-12 15:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-03-12T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7446",
"datePublished": "2016-03-12T15:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-11-13 23:29
Modified
2024-11-21 03:22
Severity ?
Summary
A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ssg1S1010788 | Issue Tracking, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/101770 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1039776 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/134531 | Issue Tracking, VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ssg1S1010788 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101770 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039776 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/134531 | Issue Tracking, VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storwize_v7000_firmware | 8.1 | |
| ibm | storwize_v7000 | - | |
| ibm | storwize_v5000_firmware | 8.1 | |
| ibm | storwize_v5000 | - | |
| ibm | flashsystem_v9000_firmware | 8.1 | |
| ibm | flashsystem_v9000 | - | |
| ibm | san_volume_controller_firmware | 8.1 | |
| ibm | san_volume_controller | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:storwize_v7000_firmware:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0F9CE9-D622-49F7-8D2C-4C4A7E9E6DBA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2ED020-4C7B-4303-ABE6-74D46D127556",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:storwize_v5000_firmware:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "834DC12B-18ED-4D1A-869D-727A226FDD58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FEB7116F-7DF8-4FF5-B982-FA08604B3BCB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flashsystem_v9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9C13EA-8C4C-42C5-A451-611FF0904AE8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:san_volume_controller_firmware:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F6CF13-51C2-4943-9658-F72FADE4B37A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D84487-CEBA-48A0-9B15-A0300D992E3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el Service Assistant GUI en IBM Storwize V7000 (2076) 8.1 podr\u00eda permitir que un atacante remoto realice un escalado de privilegios. IBM X-Force ID: 134531."
}
],
"id": "CVE-2017-1710",
"lastModified": "2024-11-21T03:22:14.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-13T23:29:00.370",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1010788"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101770"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039776"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Issue Tracking",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1010788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134531"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-03-12 15:59
Modified
2024-11-21 02:36
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | flashsystem_v9000_firmware | 7.4 | |
| ibm | flashsystem_v9000_firmware | 7.5 | |
| ibm | flashsystem_v9000_firmware | 7.6 | |
| ibm | flashsystem_9846-ac2 | - | |
| ibm | flashsystem_9846-ae2 | - | |
| ibm | flashsystem_9848-ac2 | - | |
| ibm | flashsystem_9848-ae2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB7FCA5-3B8C-4719-8BDB-5F2D60F0587A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A7373F0A-1417-4840-B408-34F45728CD51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E6691B38-0A7B-463F-A1C8-9CA37FD3E0F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flashsystem_9846-ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CC9EB5-07BE-4469-AAA5-CD45E757920F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flashsystem_9846-ae2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6915102E-4450-4A3A-9B81-670B02E7BDEC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flashsystem_9848-ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E677E8A2-A1A1-4FAC-8B3A-77882CB8C1DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flashsystem_9848-ae2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD5C253A-086B-4ADB-AFBF-74BFAA696AA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en IBM Flash System V9000 7.4 en versiones anteriores a 7.4.1.4, 7.5 en versiones anteriores a 7.5.1.3 y 7.6 en versiones anteriores a 7.6.0.4 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios por peticiones que insertan secuencias XSS."
}
],
"id": "CVE-2015-7446",
"lastModified": "2024-11-21T02:36:48.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-12T15:59:00.150",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-17 13:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/186678 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6260199 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/186678 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6260199 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | spectrum_virtualize | 8.3.1 | |
| ibm | spectrum_virtualize | 8.3.1 | |
| ibm | flashsystem_v5000_firmware | 8.3.1 | |
| ibm | flashsystem_v5000 | - | |
| ibm | flashsystem_v7200_firmware | 8.3.1 | |
| ibm | flashsystem_v7200 | - | |
| ibm | flashsystem_v9000_firmware | 8.3.1 | |
| ibm | flashsystem_v9000 | - | |
| ibm | flashsystem_v9100_firmware | 8.3.1 | |
| ibm | flashsystem_v9100 | - | |
| ibm | flashsystem_v9200_firmware | 8.3.1 | |
| ibm | flashsystem_v9200 | - | |
| ibm | san_volume_controller_firmware | 8.3.1 | |
| ibm | san_volume_controller | - | |
| ibm | storwize_v5000_firmware | 8.3.1 | |
| ibm | storwize_v5000 | - | |
| ibm | storwize_v5000e_firmware | 8.3.1 | |
| ibm | storwize_v5000e | - | |
| ibm | storwize_v5100_firmware | 8.3.1 | |
| ibm | storwize_v5100 | - | |
| ibm | storwize_v7000_firmware | 8.3.1 | |
| ibm | storwize_v7000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_virtualize:8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "257A4181-9C9A-41FA-B696-5D7E1E1EEE5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:spectrum_virtualize:8.3.1:*:*:*:public_cloud:*:*:*",
"matchCriteriaId": "E6CAB5CA-73E1-4CAD-9793-40A6DBC6FF81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flashsystem_v5000_firmware:8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34E0B118-BB59-4AA5-8E62-DD1A96A7EDCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flashsystem_v5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01CF1C5A-F06E-4B0C-99D6-A7D099DFB3C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flashsystem_v7200_firmware:8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "603DECB9-2DB7-454C-BDF6-A7FE16460A56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flashsystem_v7200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "642DFC1E-FA8E-4751-9875-9B157D0E2D7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA16BD66-A859-43EE-B992-669C8A956FEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flashsystem_v9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9C13EA-8C4C-42C5-A451-611FF0904AE8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flashsystem_v9100_firmware:8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D11841F3-5122-4955-88CC-0E7F700111E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flashsystem_v9100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C9885F2-D9C5-4F91-8BCE-60684AFFC789",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flashsystem_v9200_firmware:8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B519DF-1F09-4F1A-8108-C6E382F1052F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flashsystem_v9200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07A8B986-90FE-4AB4-B8E7-9479194FE3A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:san_volume_controller_firmware:8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91A752A0-06B6-4768-9F19-0B28F6AB3D44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D84487-CEBA-48A0-9B15-A0300D992E3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:storwize_v5000_firmware:8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2A11B4-1378-44B3-B007-0ACCCB48CE67",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:storwize_v5000e_firmware:8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F886288-E5BD-4B2E-8707-6FA2E56205DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:storwize_v5000e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "721F3BDB-9530-49E5-900C-8913029A6A79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:storwize_v5100_firmware:8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20D8408F-769F-4D07-BE40-644DD38650F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:storwize_v5100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38CF9525-1FF5-4941-8043-476FB3B50E32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:storwize_v7000_firmware:8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C99EE10-DA45-4779-ACEA-79170920A676",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2ED020-4C7B-4303-ABE6-74D46D127556",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678."
},
{
"lang": "es",
"value": "IBM Spectrum Virtualize versi\u00f3n 8.3.1, podr\u00eda permitir a un usuario autenticado remoto por medio de LDAP escalar sus privilegios y realizar acciones a las que no deber\u00eda tener acceso. IBM X-Force ID: 186678."
}
],
"id": "CVE-2020-4686",
"lastModified": "2024-11-21T05:33:07.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-17T13:15:12.490",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186678"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6260199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6260199"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}