Vulnerabilites related to ibm - spectrum_virtualize_for_public_cloud
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.", }, { lang: "es", value: "Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) son vulnerables a Cross-Site Request Forgery (CSRF), lo que podría permitir que un atacante ejecute acciones maliciosas no autorizadas transmitidas de un usuario en el que confía el sitio web. IBM X-Force ID: 139474.", }, ], id: "CVE-2018-1434", lastModified: "2024-11-21T03:59:48.820", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.323", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.", }, { lang: "es", value: "Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) podrían permitir que un usuario autenticado acceda a archivos del sistema a los que no debería tener acceso, algunos de los cuales podrían contener credenciales de cuenta. IBM X-Force ID: 140368.", }, ], id: "CVE-2018-1463", lastModified: "2024-11-21T03:59:52.310", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.540", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140368", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140368", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.", }, { lang: "es", value: "Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) emplean algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 140397.", }, ], id: "CVE-2018-1466", lastModified: "2024-11-21T03:59:52.847", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.713", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140397", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140397", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-326", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.", }, { lang: "es", value: "Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) podrían permitir que un usuario autenticado acceda a archivos del sistema a los que no debería tener acceso, incluyendo la eliminación de archivos o provocar una denegación de servicio (DoS). IBM X-Force ID: 140363.", }, ], id: "CVE-2018-1462", lastModified: "2024-11-21T03:59:52.127", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.493", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140363", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140363", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.", }, { lang: "es", value: "Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) podrían permitir que un usuario autenticado obtenga la clave privada que podría posibilitar la interceptación de comunicaciones en la interfaz gráfica de usuario. IBM X-Force ID: 140396.", }, ], id: "CVE-2018-1465", lastModified: "2024-11-21T03:59:52.673", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.650", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140396", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140396", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-10-21 17:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/206229 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6497111 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6507091 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/206229 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6497111 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6507091 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "0360CA45-1632-46EA-B6CA-4ADBC1721E1C", versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "A2344B6C-4092-4E03-9160-C555C933EC38", versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:storwize_v3500_software:*:*:*:*:*:*:*:*", matchCriteriaId: "37546E2C-AE34-48C0-BCD8-F5A0AF62F940", versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:storwize_v3700_software:*:*:*:*:*:*:*:*", matchCriteriaId: "10D528C4-32D1-4077-85AB-7FCD97F191A9", versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:storwize_v5000_software:*:*:*:*:*:*:*:*", matchCriteriaId: "A20A81B0-6D67-4C8B-AA41-6D8A31D56E2F", versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:storwize_v5100_software:*:*:*:*:*:*:*:*", matchCriteriaId: "582285B4-E763-4AE0-A53E-F300E1EF116E", versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:storwize_v7000_software:*:*:*:*:*:*:*:*", matchCriteriaId: "294179FF-AF49-43A6-8405-ECFF03779D65", versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "28C0F321-55AE-44D6-83E9-13381D57675B", versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:flashsystem_9100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5B4F0607-A300-4F49-8204-64693E5DBA0F", versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:flashsystem_9100:-:*:*:*:*:*:*:*", matchCriteriaId: "4CACCCFB-D76F-4395-905F-63A68AC25FC7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:flashsystem_9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EC2D5883-B6E1-48CA-ACD5-25AEE8BDEC2D", versionEndExcluding: "8.4.0.0", versionStartIncluding: "7.8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:flashsystem_9000:-:*:*:*:*:*:*:*", matchCriteriaId: "88F6DF96-E53A-482C-BBA2-055EF3844A27", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.", }, { lang: "es", value: "IBM Flash System 900 podría permitir a un atacante autenticado conseguir información confidencial y causar una denegación de servicio debido a una vulnerabilidad de escape de shell restringido. IBM X-Force ID: 206229", }, ], id: "CVE-2021-29873", lastModified: "2024-11-21T06:01:57.017", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-10-21T17:15:07.800", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6497111", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6507091", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6497111", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6507091", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.", }, { lang: "es", value: "En los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1), web handler /DownloadFile no requiere autenticación para leer archivos arbitrarios del sistema. IBM X-Force ID: 139473.", }, ], id: "CVE-2018-1433", lastModified: "2024-11-21T03:59:48.683", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.243", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139473", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139473", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.", }, { lang: "es", value: "Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) podrían permitir que un usuario autenticado obtenga información sensible que no podría leer por no tener la autorización para ello. IBM X-Force ID: 140395.", }, ], id: "CVE-2018-1464", lastModified: "2024-11-21T03:59:52.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.603", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.", }, { lang: "es", value: "Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podría dar lugar a una revelación de credenciales en una sesión de confianza. IBM X-Force ID: 140362.", }, ], id: "CVE-2018-1461", lastModified: "2024-11-21T03:59:51.940", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.433", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140362", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140362", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.", }, { lang: "es", value: "En los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1), web handler /DLSnap podría permitir que un atacante no autenticado lea archivos arbitrarios del sistema. IBM X-Force ID: 139566.", }, ], id: "CVE-2018-1438", lastModified: "2024-11-21T03:59:49.253", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.387", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139566", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139566", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
CVE-2018-1462 (GCVE-0-2018-1462)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-17 01:51
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140363 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Storwize V3700 |
Version: 7.1 Version: 6.4 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.134Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181462-dos(140363)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140363", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181462-dos(140363)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140363", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1462", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181462-dos(140363)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140363", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1462", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T01:51:33.890Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1433 (GCVE-0-2018-1433)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-08-05 03:59
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/139473 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.074Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181433-file-download(139473)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139473", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181433-file-download(139473)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139473", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2018-1433", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181433-file-download(139473)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139473", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1433", datePublished: "2018-05-17T21:00:00", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-08-05T03:59:39.074Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-29873 (GCVE-0-2021-29873)
Vulnerability from cvelistv5
Published
2021-10-21 16:40
Modified
2024-09-16 20:17
Severity ?
EPSS score ?
Summary
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6497111 | x_refsource_CONFIRM | |
| https://www.ibm.com/support/pages/node/6507091 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/206229 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | FlashSystem 900 |
Version: 1.6.1.4 Version: 1.5.2.10 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:18:03.195Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6497111", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6507091", }, { name: "ibm-storwize-cve202129873-priv-escalation (206229)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "FlashSystem 900", vendor: "IBM", versions: [ { status: "affected", version: "1.6.1.4", }, { status: "affected", version: "1.5.2.10", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "Storwize V5100", vendor: "IBM", versions: [ { status: "affected", version: "8.4", }, { status: "affected", version: "7.8", }, ], }, { product: "FlashSystem 9100 Family", vendor: "IBM", versions: [ { status: "affected", version: "8.4", }, { status: "affected", version: "7.8", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "Storwize V7000", vendor: "IBM", versions: [ { status: "affected", version: "8.4", }, { status: "affected", version: "7.8", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.8", }, { status: "affected", version: "8.4", }, ], }, ], datePublic: "2021-10-20T00:00:00", descriptions: [ { lang: "en", value: "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 7.7, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AV:N/I:H/PR:L/C:H/S:U/UI:N/AC:L/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-21T16:40:13", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6497111", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6507091", }, { name: "ibm-storwize-cve202129873-priv-escalation (206229)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-10-20T00:00:00", ID: "CVE-2021-29873", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "FlashSystem 900", version: { version_data: [ { version_value: "1.6.1.4", }, { version_value: "1.5.2.10", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "Storwize V5100", version: { version_data: [ { version_value: "8.4", }, { version_value: "7.8", }, ], }, }, { product_name: "FlashSystem 9100 Family", version: { version_data: [ { version_value: "8.4", }, { version_value: "7.8", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "Storwize V7000", version: { version_data: [ { version_value: "8.4", }, { version_value: "7.8", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.8", }, { version_value: "8.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "N", C: "H", I: "H", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6497111", refsource: "CONFIRM", title: "IBM Security Bulletin 6497111 (SAN Volume Controller)", url: "https://www.ibm.com/support/pages/node/6497111", }, { name: "https://www.ibm.com/support/pages/node/6507091", refsource: "CONFIRM", title: "IBM Security Bulletin 6507091 (FlashSystem 900)", url: "https://www.ibm.com/support/pages/node/6507091", }, { name: "ibm-storwize-cve202129873-priv-escalation (206229)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-29873", datePublished: "2021-10-21T16:40:13.636365Z", dateReserved: "2021-03-31T00:00:00", dateUpdated: "2024-09-16T20:17:23.473Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1438 (GCVE-0-2018-1438)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-08-05 03:59
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/139566 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.086Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181438-info-disc(139566)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139566", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181438-info-disc(139566)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139566", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2018-1438", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181438-info-disc(139566)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139566", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1438", datePublished: "2018-05-17T21:00:00", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-08-05T03:59:39.086Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1463 (GCVE-0-2018-1463)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 16:52
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140368 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Storwize V5000 |
Version: 7.1 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.232Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181463-info-disc(140368)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140368", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181463-info-disc(140368)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140368", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1463", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181463-info-disc(140368)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140368", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1463", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T16:52:50.494Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1465 (GCVE-0-2018-1465)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 18:14
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140396 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Storwize V3500 |
Version: 6.4 Version: 7.1 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.071Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181465-info-disc(140396)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140396", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181465-info-disc(140396)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140396", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1465", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181465-info-disc(140396)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140396", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1465", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T18:14:09.942Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1464 (GCVE-0-2018-1464)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 20:17
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140395 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Storwize V5000 |
Version: 7.1 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.245Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181464-info-disc(140395)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181464-info-disc(140395)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1464", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181464-info-disc(140395)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1464", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T20:17:34.402Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1466 (GCVE-0-2018-1466)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 17:03
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140397 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | SAN Volume Controller |
Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.1 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.128Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181466-info-disc(140397)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140397", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181466-info-disc(140397)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140397", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1466", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181466-info-disc(140397)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140397", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1466", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T17:03:03.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1434 (GCVE-0-2018-1434)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-17 02:11
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/139474 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | FlashSystem V9000 |
Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.1 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.064Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "ibm-storwize-cve20181434-csrf(139474)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.", }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "ibm-storwize-cve20181434-csrf(139474)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1434", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "ibm-storwize-cve20181434-csrf(139474)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1434", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T02:11:40.577Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1461 (GCVE-0-2018-1461)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 20:27
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140362 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Spectrum Virtualize Software |
Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.1 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.050Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181461-xss(140362)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140362", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181461-xss(140362)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140362", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1461", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181461-xss(140362)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140362", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1461", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T20:27:43.382Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }