Vulnerabilites related to ibm - storwize_v3500_firmware
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.", }, { lang: "es", value: "Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) emplean algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 140397.", }, ], id: "CVE-2018-1466", lastModified: "2024-11-21T03:59:52.847", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.713", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140397", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140397", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-326", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.", }, { lang: "es", value: "Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) podrían permitir que un usuario autenticado acceda a archivos del sistema a los que no debería tener acceso, algunos de los cuales podrían contener credenciales de cuenta. IBM X-Force ID: 140368.", }, ], id: "CVE-2018-1463", lastModified: "2024-11-21T03:59:52.310", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.540", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140368", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140368", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-09-24 18:48
Modified
2025-04-12 10:46
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
References
Impacted products
{ cisaActionDue: "2022-07-28", cisaExploitAdd: "2022-01-28", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:*", matchCriteriaId: "F4DBE402-1B0A-4854-ABE5-891321454C25", versionEndIncluding: "4.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "DCA5A28D-79B6-4F3E-9C98-65D4DFAD8EE7", versionEndExcluding: "4.9.12", versionStartIncluding: "4.9.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "9B1DC7EF-C994-4252-9DFE-DCA63FB17AE0", versionEndExcluding: "4.10.9", versionStartIncluding: "4.10.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "9056776F-03F6-4C3D-8635-37D66FD16EAA", versionEndExcluding: "4.11.11", versionStartIncluding: "4.11.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "AFEE6963-F73F-4B71-B4F8-6E550FBDA5F6", versionEndExcluding: "4.12.9", versionStartIncluding: "4.12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "8296875A-64FA-4592-848A-A923126BD8AF", versionEndExcluding: "4.13.9", versionStartIncluding: "4.13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "816A16AF-1F5E-483A-AA89-3022818FAE43", versionEndExcluding: "4.14.4f", versionStartIncluding: "4.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:4:*:*:*:*:*:*:*", matchCriteriaId: "F8421899-5D10-4C2B-88AA-3DA909FE3E67", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*", matchCriteriaId: "62A2AC02-A933-4E51-810E-5D040B476B7B", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", matchCriteriaId: "D7B037A8-72A6-4DFF-94B2-D688A5F6F876", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*", matchCriteriaId: "BE8B7F1F-22F6-4B10-A6E5-DE44B1D2E649", versionEndExcluding: "4.1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:4.1.1:-:*:*:*:*:*:*", matchCriteriaId: "F407EA72-BA1A-41A2-B699-874304A638A5", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:4.1.1:build_0927:*:*:*:*:*:*", matchCriteriaId: "DDA25903-B334-438B-8196-B9E5119199D1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*", matchCriteriaId: "76F1E356-E019-47E8-AA5F-702DA93CF74E", vulnerable: true, }, { criteria: "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", matchCriteriaId: "F805A106-9A6F-48E7-8582-D3C5A26DFC11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC489F35-07F1-4C3E-80B9-78F0689BC54B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization:3.4:*:*:*:*:*:*:*", matchCriteriaId: "95CE35FC-266F-4025-A0B8-FB853C020800", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*", matchCriteriaId: "6172AF57-B26D-45F8-BE3A-F75ABDF28F49", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", matchCriteriaId: "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", matchCriteriaId: "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*", matchCriteriaId: "6252E88C-27FF-420D-A64A-C34124CF7E6A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*", matchCriteriaId: "8A8E07B7-3739-4BEB-88F8-C7F62431E889", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", matchCriteriaId: "569964DA-31BE-4520-A66D-C3B09D557AB8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "807C024A-F8E8-4B48-A349-4C68CD252CA1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "F96E3779-F56A-45FF-BB3D-4980527D721E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "83737173-E12E-4641-BC49-0BD84A6B29D0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:5.9_s390x:*:*:*:*:*:*:*", matchCriteriaId: "EC5537E1-1E8E-49C5-B4CB-A8E2EE3F5088", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "804DFF9F-BAA8-4239-835B-6182471A224F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.5_s390x:*:*:*:*:*:*:*", matchCriteriaId: "9EE496C0-35F7-44DC-B3F0-71EA3A613C38", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.3_s390x:*:*:*:*:*:*:*", matchCriteriaId: "71179893-49F2-433C-A7AC-687075F9CC1B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "1D4C43D8-02A5-4385-A89E-F265FEEC9E9B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.5_s390x:*:*:*:*:*:*:*", matchCriteriaId: "37ECC029-3D84-4DD7-B28B-E5AD5559CF94", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.6_s390x:*:*:*:*:*:*:*", matchCriteriaId: "F4CBED2A-B6B0-420E-BC40-160930D8662E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.7_s390x:*:*:*:*:*:*:*", matchCriteriaId: "652F7BB0-A6EA-45D0-86D4-49F4CA6C3EE0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.0_ppc:*:*:*:*:*:*:*", matchCriteriaId: "29BBF1AC-F31F-4251-8054-0D89A8E6E990", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.9_ppc:*:*:*:*:*:*:*", matchCriteriaId: "C52A4A2F-6385-4E5F-B2C7-0EF7267546F6", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "6D8D654F-2442-4EA0-AF89-6AC2CD214772", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.4_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "D8ED0658-5F8F-48F0-A605-A2205DA27DA5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "8BCF87FD-9358-42A5-9917-25DF0180A5A6", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.5_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "C385DA76-4863-4D39-84D2-9D185D322365", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "188019BF-3700-4B3F-BFA5-553B2B545B7F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "9B8B2E32-B838-4E51-BAA2-764089D2A684", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "4319B943-7B19-468D-A160-5895F7F997A3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "39C1ABF5-4070-4AA7-BAB8-4F63E1BD91FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "8036E2AE-4E44-4FA5-AFFB-A3724BFDD654", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*", matchCriteriaId: "634C23AC-AC9C-43F4-BED8-1C720816D5E3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", matchCriteriaId: "37CE1DC7-72C5-483C-8921-0B462C8284D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", matchCriteriaId: "54D669D4-6D7E-449D-80C1-28FA44F06FFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:*:*:*:*:*:*:*", matchCriteriaId: "BB6ADFB8-210D-4E46-82A2-1C8705928382", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*", matchCriteriaId: "92C9F1C4-55B0-426D-BB5E-01372C23AF97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", matchCriteriaId: "AD6D0378-F0F4-4AAA-80AF-8287C790EC96", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", matchCriteriaId: "AF83BB87-B203-48F9-9D06-48A5FE399050", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", matchCriteriaId: "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "98381E61-F082-4302-B51F-5648884F998B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:*:*:*:*:*:*:*", matchCriteriaId: "8821E5FE-319D-40AB-A515-D56C1893E6F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*", matchCriteriaId: "0AE981D4-0CA1-46FA-8E91-E1A4D5B31383", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:*:*:*:*:*:*:*", matchCriteriaId: "F732C7C9-A9CC-4DEF-A8BE-D0F18C944C78", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", matchCriteriaId: "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", matchCriteriaId: "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*", matchCriteriaId: "74BCA435-7594-49E8-9BAE-9E02E129B6C0", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", matchCriteriaId: "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", matchCriteriaId: "3ED68ADD-BBDA-4485-BC76-58F011D72311", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", matchCriteriaId: "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*", matchCriteriaId: "CED02712-1031-4206-AC4D-E68710F46EC9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", matchCriteriaId: "35BBD83D-BDC7-4678-BE94-639F59281139", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:-:*:*", matchCriteriaId: "7F4AF9EC-7C74-40C3-A1BA-82B80C4A7EE0", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", matchCriteriaId: "CB6476C7-03F2-4939-AB85-69AA524516D9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", matchCriteriaId: "E534C201-BCC5-473C-AAA7-AAB97CEB5437", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", matchCriteriaId: "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", matchCriteriaId: "15FC9014-BD85-4382-9D04-C0703E901D7A", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", matchCriteriaId: "2F7F8866-DEAD-44D1-AB10-21EE611AA026", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", matchCriteriaId: "1831D45A-EE6E-4220-8F8C-248B69520948", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:8.2:*:*:*:*:*:*:*", matchCriteriaId: "94C9C346-6DEC-4C72-9F59-BB3BEC42B551", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:9.0:*:*:*:*:*:*:*", matchCriteriaId: "2071DABB-7102-47F2-A15F-A6C03607D01F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:9.1:*:*:*:*:*:*:*", matchCriteriaId: "A8661E86-E075-427F-8E05-7A33811A3A76", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:pureapplication_system:*:*:*:*:*:*:*:*", matchCriteriaId: "BEFCC35D-1C83-4CA5-8B1D-9A637613AD7E", versionEndIncluding: "1.0.0.4", versionStartIncluding: "1.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:pureapplication_system:*:*:*:*:*:*:*:*", matchCriteriaId: "054736AF-96E0-491D-B824-CC4A35B76E14", versionEndIncluding: "1.1.0.4", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:pureapplication_system:2.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "575894EE-F13C-4D56-8B63-59A379F63BD2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_risk_manager:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0E476AEB-AD38-4033-8426-DC502497D75A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3C062C89-5DC2-46EE-A9D3-23E7539A5DAF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:mr1:*:*:*:*:*:*", matchCriteriaId: "20981443-6A64-4852-B2CB-3299927C6F78", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:mr2:*:*:*:*:*:*", matchCriteriaId: "59761BB8-FCC7-4D15-88A8-82076CCF196F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:-:*:*:*:*:*:*", matchCriteriaId: "CF399B2E-8413-4B80-A0C0-E61E8A0A8604", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p1:*:*:*:*:*:*", matchCriteriaId: "230EBA53-66AF-432B-B4C1-08D8FC903B2B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p2:*:*:*:*:*:*", matchCriteriaId: "789F398A-5CB2-48F8-AF8F-05BF0A8E04B9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p3:*:*:*:*:*:*", matchCriteriaId: "EF102659-B067-473E-AA37-EA90A82D1864", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:-:*:*:*:*:*:*", matchCriteriaId: "81DF915D-D764-4C21-B213-0ADFD844E9DB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p1:*:*:*:*:*:*", matchCriteriaId: "C29A4119-A992-4713-85D6-4FDED7CD416A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p10:*:*:*:*:*:*", matchCriteriaId: "4CA59C9D-74C2-4AFC-B1D1-1BC305FD493B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p11:*:*:*:*:*:*", matchCriteriaId: "5720A37E-1DB5-45BA-9FDE-0EAEFE1F2257", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p12:*:*:*:*:*:*", matchCriteriaId: "F03006B7-037B-491F-A09F-DEB2FF076754", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p13:*:*:*:*:*:*", matchCriteriaId: "FE78AED4-AD60-406C-82E0-BA52701B49BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p2:*:*:*:*:*:*", matchCriteriaId: "3D0B71F0-CCED-4E23-989A-3E9E2D71307C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p3:*:*:*:*:*:*", matchCriteriaId: "5CF8FC22-C556-451C-B928-F5AF8DF4BF45", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p4:*:*:*:*:*:*", matchCriteriaId: "081D3B14-45F6-4F96-944B-94D967FEFA26", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p5:*:*:*:*:*:*", matchCriteriaId: "DE2C36B5-43F8-401B-B420-1FA5F13A4D6C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p6:*:*:*:*:*:*", matchCriteriaId: "D922DC5A-63F6-4188-BCDE-BB987402E47E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p7:*:*:*:*:*:*", matchCriteriaId: "BFD5737C-AAE8-4C8D-BCFE-FFDF5DA4221C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p8:*:*:*:*:*:*", matchCriteriaId: "C2BCC22C-A32B-4945-AFBC-777DBE248FB8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p9:*:*:*:*:*:*", matchCriteriaId: "92F92890-63B0-4918-A147-8852B6E2FA8A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2:*:*:*:*:*:*:*", matchCriteriaId: "8016ECD3-4417-47A8-9493-C9F9EDF5FAA5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:-:*:*:*:*:*:*", matchCriteriaId: "ED0B143A-5386-4375-AEB2-48619B2B1EF3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p1:*:*:*:*:*:*", matchCriteriaId: "E7ECA734-9E95-484F-B880-2491A0E2531B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p2:*:*:*:*:*:*", matchCriteriaId: "5D7CD9E9-033C-44B8-A68C-47AC260873E1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p3:*:*:*:*:*:*", matchCriteriaId: "07B660DC-A94F-48F0-A2F4-1C39CC4751A5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:-:*:*:*:*:*:*", matchCriteriaId: "44D355AE-A8C0-4D7B-87FE-5D4138B6BB2E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p1:*:*:*:*:*:*", matchCriteriaId: "329C8551-98D1-4255-B598-9E75A071C186", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p2:*:*:*:*:*:*", matchCriteriaId: "FD0687B7-F374-4368-AD9E-041123B23A6C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p3:*:*:*:*:*:*", matchCriteriaId: "D0330E77-454E-4E77-9628-50681B748491", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:-:*:*:*:*:*:*", matchCriteriaId: "3863726E-15AD-4A47-85CB-0C9965E76EF1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p1:*:*:*:*:*:*", matchCriteriaId: "5C07D9DC-E6C1-4FB0-86F1-144FD51B08CD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p2:*:*:*:*:*:*", matchCriteriaId: "3105129C-8FE8-4BF0-8CB9-A7F3F7FE1107", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p3:*:*:*:*:*:*", matchCriteriaId: "D1F35447-889F-4CE9-9473-87046B4707EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p4:*:*:*:*:*:*", matchCriteriaId: "A3A5DFC0-BBD7-430C-A026-E1F34E08894D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:-:*:*:*:*:*:*", matchCriteriaId: "141E8F6A-3998-4F22-A717-3F52BC998F97", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p1:*:*:*:*:*:*", matchCriteriaId: "F09AA197-BB55-4CF0-AC29-4449C07DE510", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p2:*:*:*:*:*:*", matchCriteriaId: "3E468E33-B183-4830-97E2-EAF9FD3758E9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p3:*:*:*:*:*:*", matchCriteriaId: "738C8F2B-3D3E-4E1F-977A-05D3A39F115D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p4:*:*:*:*:*:*", matchCriteriaId: "1ED03E83-909B-423F-81F2-34AB7F24BBE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:-:*:*:*:*:*:*", matchCriteriaId: "9778E8AA-A034-4B04-A42E-6A182378C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p1:*:*:*:*:*:*", matchCriteriaId: "AEE15598-4064-4E31-86BA-7851AA4B76C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p2:*:*:*:*:*:*", matchCriteriaId: "59FE3789-FB47-4939-B9AA-86D203445526", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p3:*:*:*:*:*:*", matchCriteriaId: "2F96389A-82B9-42DE-8E93-D2B2EE610F7A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p4:*:*:*:*:*:*", matchCriteriaId: "3131CDA5-1C4D-489C-8788-FA396F8ADB2C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p5:*:*:*:*:*:*", matchCriteriaId: "DCC7DF3E-658C-41D7-A4AC-433440A02092", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p6:*:*:*:*:*:*", matchCriteriaId: "EEBB12B8-4EF6-42B9-9D28-A9CA129B0FBA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:-:*:*:*:*:*:*", matchCriteriaId: "279C30FB-EA1C-4D1D-A37E-F1EEF79F19F4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p1:*:*:*:*:*:*", matchCriteriaId: "D6870C1E-E4A4-4666-89DB-D72C8100D27E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p2:*:*:*:*:*:*", matchCriteriaId: "BE183CA0-FFBB-4746-8BBE-5D1910DD2100", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p3:*:*:*:*:*:*", matchCriteriaId: "D04B5EBF-C94C-4A44-9A7E-75623CAF832C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p4:*:*:*:*:*:*", matchCriteriaId: "5723FDF4-198B-488E-B075-F528EC6E4D18", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p5:*:*:*:*:*:*", matchCriteriaId: "7E23A972-5BCA-4C7E-B6F9-AD54992861A2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p6:*:*:*:*:*:*", matchCriteriaId: "1D00AFC9-8A9C-4BB1-9E60-BC6D552DC8E0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:-:*:*:*:*:*:*", matchCriteriaId: "BFE4D0FF-6445-4E14-9536-ADB32662B346", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p1:*:*:*:*:*:*", matchCriteriaId: "C7FC4FDA-1C8D-4D7A-B5EA-D905FA830805", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p2:*:*:*:*:*:*", matchCriteriaId: "753AA0F3-09F4-4E34-8E72-FAFD8BFE18EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p3:*:*:*:*:*:*", matchCriteriaId: "9AC763FD-C143-4CA3-9A24-D50C9ED243D5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p4:*:*:*:*:*:*", matchCriteriaId: "299C6CBE-905F-4E59-AF2F-89A1CD767916", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p5:*:*:*:*:*:*", matchCriteriaId: "78538461-1B7E-4712-AA8D-D2EA3477635B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p6:*:*:*:*:*:*", matchCriteriaId: "E3FF46F1-EF19-49D7-9EDD-44441C1A3F94", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p7:*:*:*:*:*:*", matchCriteriaId: "D9F91FB6-7D8F-4D89-B6BA-2C6DF15B9A51", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:-:*:*:*:*:*:*", matchCriteriaId: "5725106C-A650-4C24-9636-1200BD44CCA4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p1:*:*:*:*:*:*", matchCriteriaId: "F1501425-96F7-487B-9588-FDA2DAC3790A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p2:*:*:*:*:*:*", matchCriteriaId: "48D95998-9434-4AFF-9983-0D7AC34176A3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p3:*:*:*:*:*:*", matchCriteriaId: "D60BB309-860D-4D74-B08F-F94AFE84C881", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p4:*:*:*:*:*:*", matchCriteriaId: "F63E864E-6323-41B4-956F-51F9364DFAE2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:-:*:*:*:*:*:*", matchCriteriaId: "EC724282-7431-465E-8E60-4037121B8838", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p1:*:*:*:*:*:*", matchCriteriaId: "73151221-C102-4425-9316-1EE4CAAB6531", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p10:*:*:*:*:*:*", matchCriteriaId: "D1E9DDCD-6D22-4175-94EF-D8A5457E7355", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p11:*:*:*:*:*:*", matchCriteriaId: "35AB906F-43CD-4D54-8274-1FD551532E58", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p12:*:*:*:*:*:*", matchCriteriaId: "1ADC75F0-B27E-4B15-B829-482FBA0063A5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p13:*:*:*:*:*:*", matchCriteriaId: "D015D670-8AEA-49A3-8D22-9E3009322EB0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p14:*:*:*:*:*:*", matchCriteriaId: "C18F3CC3-9BCF-4DE8-B7CA-59587D5E61F5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p15:*:*:*:*:*:*", matchCriteriaId: "E543BC0F-ADFB-4CF2-BC6C-90DC76BE3A95", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p16:*:*:*:*:*:*", matchCriteriaId: "28CE650B-BE03-4EDF-BE27-2FA6657F7A52", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p2:*:*:*:*:*:*", matchCriteriaId: "2356A4E6-561B-40CA-8348-B30D581B1E46", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p3:*:*:*:*:*:*", matchCriteriaId: "74509F3F-840E-48B8-88B1-EA4FFB90ACC3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p4:*:*:*:*:*:*", matchCriteriaId: "BE7BD528-628F-4CA9-9FE8-8A79BDC97680", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p5:*:*:*:*:*:*", matchCriteriaId: "26118C2B-78CC-4038-9DEA-7A9417029790", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p6:*:*:*:*:*:*", matchCriteriaId: "29EBC1DD-6949-4B12-8CA5-EE2BCDB8C4C3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p7:*:*:*:*:*:*", matchCriteriaId: "4F445D93-D482-4A74-810D-66D78CBCAFED", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p8:*:*:*:*:*:*", matchCriteriaId: "2C9F200C-ECC9-4D51-AFE7-E99C16D09148", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p9:*:*:*:*:*:*", matchCriteriaId: "56B87CB5-0F77-4040-BB58-9DBF5723A4FD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8.15:*:*:*:*:*:*:*", matchCriteriaId: "F4B3321B-11AD-43EB-867C-FA4FA6A5421E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.9:*:*:*:*:*:*:*", matchCriteriaId: "DFB104CA-55CD-4B9E-A2F7-CC06E57663CB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "4975223D-9E31-4CEC-A4B6-C0996828B855", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.1:*:*:*:*:*:*:*", matchCriteriaId: "22E0F4A7-B8BD-42D1-92DB-2B510FFC9C36", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.2:*:*:*:*:*:*:*", matchCriteriaId: "C15C820B-4778-4B8F-8BD8-E996F1D4062D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.3:*:*:*:*:*:*:*", matchCriteriaId: "A42E70EE-2E23-4D92-ADE0-9177B9EDD430", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.4:*:*:*:*:*:*:*", matchCriteriaId: "01C91446-4A36-4FCE-A973-3E6F813FABC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p1:*:*:*:*:*:*", matchCriteriaId: "58281E62-E350-4B0D-9322-8BA1E1773CB2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p2:*:*:*:*:*:*", matchCriteriaId: "BF1A152E-5795-4319-BD4D-855DE19C744C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p3:*:*:*:*:*:*", matchCriteriaId: "438FCE7F-035A-4D89-96FE-EE5278C85493", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p4:*:*:*:*:*:*", matchCriteriaId: "80900F2C-7CFA-4C40-A6B5-51E12C3DA187", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p5:*:*:*:*:*:*", matchCriteriaId: "DDE9A060-1D4D-46E5-A34F-CC4CFA260D94", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p6:*:*:*:*:*:*", matchCriteriaId: "33F900E6-AE47-4789-A337-70C6BEF22895", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p7:*:*:*:*:*:*", matchCriteriaId: "AD2E5054-2151-414D-A88F-6697FF280D41", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:-:*:*:*:*:*:*", matchCriteriaId: "3EB09361-372E-4F51-B255-C7D2DB41969F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p1:*:*:*:*:*:*", matchCriteriaId: "A36D6991-3728-4F60-A443-37652DFAA053", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p10:*:*:*:*:*:*", matchCriteriaId: "4142CC4E-9F0D-4017-8D17-D59FBCEB36F1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p11:*:*:*:*:*:*", matchCriteriaId: "63C0F7CA-5F3C-41D4-AAD6-084643115D85", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p12:*:*:*:*:*:*", matchCriteriaId: "1D16C66D-15BF-4EB8-8D78-DF12A69BD7F8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p13:*:*:*:*:*:*", matchCriteriaId: "81C388DC-0941-4D08-8C1C-BD43D9B0DC8F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p14:*:*:*:*:*:*", matchCriteriaId: "45CD14D8-665A-46C5-8387-33FF266822A7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p15:*:*:*:*:*:*", matchCriteriaId: "D510329D-B39E-4E2B-AAEC-1FDA7869C9E0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p16:*:*:*:*:*:*", matchCriteriaId: "4640FE06-4D22-442E-A0E0-76EEFAF6ECB4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p17:*:*:*:*:*:*", matchCriteriaId: "6A846C69-CA94-4F5E-9E02-69EA6680549E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p2:*:*:*:*:*:*", matchCriteriaId: "F3E63ECF-25CB-4E7F-BF51-B4D7B3541AE6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p3:*:*:*:*:*:*", matchCriteriaId: "FF14DD4F-6779-4B17-AB1B-D4DE58E7E231", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p4:*:*:*:*:*:*", matchCriteriaId: "7AAEE176-631A-41B9-BC40-93F866DA9D5E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p5:*:*:*:*:*:*", matchCriteriaId: "75C963D5-F2D1-49EE-93B5-CA7FE7EAB98C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p6:*:*:*:*:*:*", matchCriteriaId: "9388D932-9818-4A68-9543-B0643166DB2A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p7:*:*:*:*:*:*", matchCriteriaId: "770A9287-C910-4690-9402-0C0B7BAC8912", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p8:*:*:*:*:*:*", matchCriteriaId: "3F8AC068-D5AC-4042-8A7C-5B95EA0E85F5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p9:*:*:*:*:*:*", matchCriteriaId: "B503F1F7-F439-420D-B465-9A51CCECAB06", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_entry_appliance:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "27948B08-C452-41FB-B41F-6ADB3AAE087E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_entry_appliance:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "8AB8FB4C-5BBC-420D-84F0-C8424DC25CD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_entry_appliance:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CAF1F14C-DB2C-40A8-B899-C127C7ECC0D5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_entry_appliance:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "E87FA9CC-D201-430F-8FE6-8C9A88CEAB1C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_provisioning:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4D7F2743-71BB-4011-B919-7E8032B6B72F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:*:*:*:*:kvm:*:*:*", matchCriteriaId: "3738FAC6-B90B-4014-9E86-17ED6D19D23D", versionEndExcluding: "1.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:*:*:*:*:openflow:*:*:*", matchCriteriaId: "35B6634E-4F09-423C-87E7-59D4127CC023", versionEndExcluding: "1.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:*:*:*:*:vmware:*:*:*", matchCriteriaId: "0A7A7100-A1DA-4191-A4C1-D930829A3DC2", versionEndExcluding: "1.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:starter_kit_for_cloud:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "83739ED7-37F1-4712-8C81-E56F58790240", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:workload_deployer:*:*:*:*:*:*:*:*", matchCriteriaId: "1CDD227E-1F98-4F73-BB65-3820F39127F0", versionEndIncluding: "3.1.0.7", versionStartIncluding: "3.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "EA4B8E11-83D3-4B38-90B6-4C0F536D06B6", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AFD6FF12-A3AD-4D2B-92EB-44D20AF4DD9D", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "AD7C3FED-3B2F-4EC9-9A9B-05EFDB0AA56B", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "250AF7A4-8DDF-427C-8BF7-788667908D77", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "22433CE0-9772-48CE-8069-612FF3732C21", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "2569AA28-5C61-4BBD-A501-E1ACFA36837B", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3AB188A2-D7CE-4141-A55A-C074C84E366E", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "DE776097-1DA4-4F27-8E96-61E3D9FFE8D0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "FE4E5283-0FEE-4F37-9C41-FA695063FF79", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*", matchCriteriaId: "39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*", matchCriteriaId: "73EB6121-62CD-49FC-A1D2-5467B007253C", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97E19969-DD73-42F2-9E91-504E1663B268", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F9CC2E05-5179-4241-A710-E582510EEB0D", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3CB18F38-AC6A-406A-A4DD-40688B803744", versionEndExcluding: "1.4.3.5", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DFE781C8-40F7-4F6D-8FED-8EB3071FE9DB", versionEndExcluding: "1.5.0.4", versionStartIncluding: "1.5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5AB3395-B458-49F8-A8E3-25FF0C1C3BD3", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1EC57FAE-AD4D-4C9F-97A4-581C977B5FE4", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47A17EE0-7D3E-4CD7-984C-BB17BF6F4BFD", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33A46CF2-392A-4BB9-B4BF-DE8C5228CAAE", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C4EF774-BD92-444D-9583-25DB97CDA4F3", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8753BBDB-A858-4A51-A8FD-8DF8DF2734A0", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0FB9850A-3308-4277-A68C-AD418612101E", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C84D7A48-6745-49D3-AE52-31DD7EEC0D61", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4A1A3A3E-5636-4422-9B7B-B3D97989E674", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7384B993-049F-48D7-86D6-FE221C783245", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B1DF6129-9CEA-4812-800F-A6FD5095D60E", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:flex_system_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "79788A89-4152-4B4B-BFF0-518D90EE4D2B", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:flex_system_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "680738C5-63D5-4F60-9610-FD0D87FCBBCA", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:flex_system_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "872E2102-6BE6-42B6-93B0-942B7DABCBDA", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:flex_system_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "DACA26CF-7C3F-4215-B032-ED9C5EFD57D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E6E31991-DF33-4F00-8430-7B626E8174CE", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B2E25BB0-6F5A-4A7B-9147-D4E17014C747", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B80C1675-4948-45DC-B593-EDB1354E42F3", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:stn6500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1CE69F8D-5EEE-4BC7-939C-CE71BCD2E11D", versionEndExcluding: "3.8.0.07", versionStartIncluding: "3.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn6500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDEC166F-A967-4616-B9EF-503054EFD197", versionEndExcluding: "3.9.1.08", versionStartIncluding: "3.9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn6500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "713E71BC-16F5-41E3-9816-74D5E8D8C9A9", versionEndExcluding: "4.1.2.06", versionStartIncluding: "4.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:stn6500:-:*:*:*:*:*:*:*", matchCriteriaId: "4D2487E0-046C-476F-BFF4-EF77D9E856D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:stn6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0287F3CD-2151-491D-8BC3-6D3921BE8FFA", versionEndExcluding: "3.8.0.07", versionStartIncluding: "3.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C4179899-87B4-42C3-8245-9A34EC04F6A1", versionEndExcluding: "3.9.1.08", versionStartIncluding: "3.9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B8CED766-9742-4037-8005-F0BDDE9176DD", versionEndExcluding: "4.1.2.06", versionStartIncluding: "4.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:stn6800:-:*:*:*:*:*:*:*", matchCriteriaId: "C41EEAEC-08AE-4478-8977-5A4D7B48C175", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:stn7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "298C961D-5E5F-4277-B192-A4C29243BECC", versionEndExcluding: "3.8.0.07", versionStartIncluding: "3.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E5A76C40-BA90-4FBD-8DFF-4AF8F952963A", versionEndExcluding: "3.9.1.08", versionStartIncluding: "3.9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B0663FBC-01C0-4AD8-A0B8-6097E537D352", versionEndExcluding: "4.1.2.06", versionStartIncluding: "4.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:stn7800:-:*:*:*:*:*:*:*", matchCriteriaId: "CE145DE3-3C9B-4949-B6D4-9B259372CCE0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", matchCriteriaId: "01EDA41C-6B2E-49AF-B503-EB3882265C11", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:10.3:*:*:*:*:*:*:*", matchCriteriaId: "0ABC25E5-76CD-469B-879A-B1F7109D0181", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:11:*:*:*:*:*:*:*", matchCriteriaId: "98942F6C-330F-459A-B2B4-72572DB4070E", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:11.1:*:*:*:*:*:*:*", matchCriteriaId: "F5A92B0C-7256-45F0-8E0C-ADFEF36CF43D", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:11.2:*:*:*:*:*:*:*", matchCriteriaId: "8C0BAB94-6521-4B57-9E56-A57BA5E20C24", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3A7788E5-93B9-4149-8823-2ACBA5CF17E0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:open_enterprise_server:2.0:sp3:*:*:*:linux_kernel:*:*", matchCriteriaId: "B41B4ECD-6F30-46F5-A559-1CEFC7964873", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:open_enterprise_server:11.0:sp2:*:*:*:linux_kernel:*:*", matchCriteriaId: "D42ADCD9-1455-401C-B94F-D367A78A2B97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:checkpoint:security_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "2853A787-E5F1-4455-9482-7C538B80556C", versionEndExcluding: "r77.30", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "79618AB4-7A8E-4488-8608-57EC2F8681FE", versionEndIncluding: "10.2.4", versionStartIncluding: "10.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8E910D60-1145-4229-9890-80D2D67C3845", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CFA77C6B-72DB-4D57-87CF-11F2C7EDB828", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "48BBEF73-E87D-467F-85EB-47BE212DF0E8", versionEndIncluding: "11.5.1", versionStartIncluding: "11.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B276E4DF-69FC-4158-B93A-781A45605034", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "EE23220D-E364-41B7-A440-43B3AA4A716A", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B70D2BD5-8E3F-4B57-84EF-3AF40F6378F1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C483253F-841E-4D4E-9B4A-932E9D07268B", versionEndIncluding: "11.5.1", versionStartIncluding: "11.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B40837-EC2B-41FB-ACC3-806054EAF28C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "667D3780-3949-41AC-83DE-5BCB8B36C382", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "4F0E7766-BDB4-42AB-B6CC-6B4E86A10038", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "475F0EF8-42CB-4099-9C4A-390F946C4924", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "A8347412-DC42-4B86-BF6E-A44A5E1541ED", versionEndIncluding: "10.2.4", versionStartIncluding: "10.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "C8942D9D-8E3A-4876-8E93-ED8D201FF546", versionEndIncluding: "11.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "7B5AF8C8-578E-4FD7-8BAA-53A57EE4C653", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "06BA93C0-A7AE-4A8E-BD74-08149A204463", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "D7D7863D-B064-4D7A-A66B-C3D3523425FD", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "1DF6BB8A-FA63-4DBC-891C-256FF23CBCF0", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "3E0D8F52-0EAD-4E02-A8D8-CBAE2CDC703B", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "5CDEC701-DAB3-4D92-AA67-B886E6693E46", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "289CEABB-22A2-436D-AE4B-4BDA2D0EAFDB", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C6D61BF2-69D8-4AD2-85CD-D87F640A6888", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "2FF5A5F6-4BA3-4276-8679-B5560EACF2E0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E9A06D61-E6CB-4A8A-B06D-9FEA1812C167", versionEndIncluding: "11.5.1", versionStartIncluding: "11.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CB8D3B87-B8F5-490A-B1D9-04F2EE93EEA3", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "2C0B4C01-C71E-4E35-B63A-68395984E033", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "9828CBA5-BB72-46E2-987D-633A5B3E2AFF", versionEndIncluding: "11.4.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "BB60C39D-52ED-47DD-9FB9-2B4BC8D9F8AC", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "68BC025A-D45E-45FB-A4E4-1C89320B5BBE", versionEndIncluding: "11.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "AE007A64-5867-4B1A-AEFB-3AB2CD6A5EA4", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "7C75978B-566B-4353-8716-099CB8790EE0", versionEndIncluding: "11.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "BC24B891-6DBA-4C02-B4CF-8D1CA53B4B74", versionEndIncluding: "4.4.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:*:*:*:*:*:*:*:*", matchCriteriaId: "0BB0FDAC-C49D-4E63-ACA9-7BAD7C93A5D2", versionEndIncluding: "4.4.0", versionStartIncluding: "4.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:*:*:*:*:*:*:*:*", matchCriteriaId: "3AEB1FC5-1179-4DE9-99A2-D650167A7A60", versionEndIncluding: "4.4.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:enterprise_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0ADD1B04-9F78-40B3-8314-6935277073B0", versionEndIncluding: "2.3.0", versionStartIncluding: "2.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:enterprise_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "482E630B-93A1-4B9B-8273-821C116ADC4F", versionEndIncluding: "3.1.1", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "1343FBDC-4BF0-403B-B257-96672F092263", versionEndIncluding: "4.0.5", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "7C138527-73D3-4AEE-BFAB-1D240A585A0F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "8F2EB3D6-EF4C-4241-A31E-3990664004A7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8F0CD8F8-26CE-43F0-87EB-A08F1D1EDB25", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1D1168D2-93D5-4415-A666-B4BE0B2AC201", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:f5:arx_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48A2FBA9-207F-4F16-932D-BF0BA3440503", versionEndIncluding: "6.4.0", versionStartIncluding: "6.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:f5:arx:-:*:*:*:*:*:*:*", matchCriteriaId: "4C6AC80F-9D91-468D-BEE3-6A0759723673", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_sdx_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FF1DB4B7-AFCC-4D56-95BA-C66AB7A36680", versionEndExcluding: "9.3.67.5r1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_sdx_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "665EF643-3CDC-4518-9693-0D49F0870283", versionEndExcluding: "10.1.129.11r1", versionStartIncluding: "10", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_sdx_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BAE3CC45-49E5-40DE-B5C3-52A754A9C599", versionEndExcluding: "10.5.52.11r1", versionStartIncluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_sdx:-:*:*:*:*:*:*:*", matchCriteriaId: "8968E39A-1E16-4B7F-A16A-190EBC20D04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "864B5480-704F-4636-A938-7D95AD4223AD", versionEndExcluding: "10.10.0", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.0:*:*:*:*:*:*:*", matchCriteriaId: "35D34345-0AD1-499C-9A74-982B2D3F305A", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.0:update_1:*:*:*:*:*:*", matchCriteriaId: "3DF3F07E-6F4E-4B97-B313-7DA3E8A88451", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.0:update_2:*:*:*:*:*:*", matchCriteriaId: "5C98B0EA-7A52-4BDF-90C2-38797FC2B75A", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.1:*:*:*:*:*:*:*", matchCriteriaId: "FECF06B5-3915-48F0-A140-41C7A27EE99D", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.1:update_1:*:*:*:*:*:*", matchCriteriaId: "BBD8B161-0A07-492F-89E4-7A0BD02F6464", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.1:update_2:*:*:*:*:*:*", matchCriteriaId: "F3E8E0E1-FF63-425D-8C22-86B16CFB7B1A", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.5:-:*:*:*:*:*:*", matchCriteriaId: "29DF8DD7-B5CC-4152-A726-1D48459068D0", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.5:update_1:*:*:*:*:*:*", matchCriteriaId: "DB2E2AAD-E221-4227-A41B-DC01BFDFCD6C", vulnerable: true, }, { criteria: "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*", matchCriteriaId: "BC337BB7-9A45-4406-A783-851F279130EE", vulnerable: true, }, { criteria: "cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*", matchCriteriaId: "0B6BA46F-4E8C-4B2A-AE92-81B9F1B4D56C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka \"ShellShock.\" NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.", }, { lang: "es", value: "GNU Bash hasta la versión 4.3 procesa cadenas finales después de las definiciones de funciones en los valores de variables de entorno, lo que permite a atacantes remotos ejecutar código arbitrario a través de un entorno manipulado, tal como se ha demostrado por vectores que involucran la característica ForceCommand en sshd OpenSSH, los módulos mod_cgi y mod_cgid en el Apache HTTP Server, scripts ejecutados por clientes DHCP no especificados, y otras situaciones en las cuales el ajuste de entorno ocurre a través de un límite privilegiado de la ejecución de Bash, también conocido como \"ShellShock.\" NOTA: la reparación original para este problema era incorrecta; CVE-2014-7169 ha sido asignada para cubrir la vulnerabilidad que todavía está presente después de la solución incorrecta.", }, ], id: "CVE-2014-6271", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2014-09-24T18:48:04.477", references: [ { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2014-0388.html", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { source: "security@debian.org", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673", }, { source: "security@debian.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-1293.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-1294.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142546741516006&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1293.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1294.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1295.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/58200", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/59272", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/59737", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/59907", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60024", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60034", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60044", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60055", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60063", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60193", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60325", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60433", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60947", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61065", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61128", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61129", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61188", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61283", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61287", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61291", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61312", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61313", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61328", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61442", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61471", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61485", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61503", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61542", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61547", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61550", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61552", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61565", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61603", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61633", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61641", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61643", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61654", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61676", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61700", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61703", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61711", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61715", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61780", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61816", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61855", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61857", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61873", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/62228", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/62312", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/62343", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT6495", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://support.novell.com/security/cve/CVE-2014-6271.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-3032", }, { source: "security@debian.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/252743", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/70103", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2362-1", }, { source: "security@debian.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://access.redhat.com/articles/1200223", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://access.redhat.com/node/1200223", }, { source: "security@debian.org", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1141597", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT6535", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "https://support.citrix.com/article/CTX200217", }, { source: "security@debian.org", tags: [ "Permissions Required", ], url: "https://support.citrix.com/article/CTX200223", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/34879/", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/37816/", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/38849/", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/39918/", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/40619/", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/40938/", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/42938/", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "https://www.suse.com/support/shellshock/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2014-0388.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-1293.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-1294.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142546741516006&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1293.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1294.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1295.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/58200", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/59272", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/59737", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/59907", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60055", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60063", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60193", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60325", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60433", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60947", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61065", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61129", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61188", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61291", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61313", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61328", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61442", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61471", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61485", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61503", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61542", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61547", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61550", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61552", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61565", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61603", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61633", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61643", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61654", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61676", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61700", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61703", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61711", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61715", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61780", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61816", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61855", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61857", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61873", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/62228", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/62312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/62343", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT6495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.novell.com/security/cve/CVE-2014-6271.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-3032", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/252743", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/70103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2362-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://access.redhat.com/articles/1200223", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://access.redhat.com/node/1200223", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1141597", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT6535", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.citrix.com/article/CTX200217", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://support.citrix.com/article/CTX200223", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/34879/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/37816/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/38849/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/39918/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/40619/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/40938/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/42938/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.suse.com/support/shellshock/", }, ], sourceIdentifier: "security@debian.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.", }, { lang: "es", value: "Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) son vulnerables a Cross-Site Request Forgery (CSRF), lo que podría permitir que un atacante ejecute acciones maliciosas no autorizadas transmitidas de un usuario en el que confía el sitio web. IBM X-Force ID: 139474.", }, ], id: "CVE-2018-1434", lastModified: "2024-11-21T03:59:48.820", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.323", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.", }, { lang: "es", value: "Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podría dar lugar a una revelación de credenciales en una sesión de confianza. IBM X-Force ID: 140362.", }, ], id: "CVE-2018-1461", lastModified: "2024-11-21T03:59:51.940", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.433", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140362", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140362", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-11 02:59
Modified
2025-03-21 21:08
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | struts | * | |
| apache | struts | * | |
| ibm | storwize_v3500_firmware | 7.7.1.6 | |
| ibm | storwize_v3500_firmware | 7.8.1.0 | |
| ibm | storwize_v3500 | - | |
| ibm | storwize_v5000_firmware | 7.7.1.6 | |
| ibm | storwize_v5000_firmware | 7.8.1.0 | |
| ibm | storwize_v5000 | - | |
| ibm | storwize_v7000_firmware | 7.7.1.6 | |
| ibm | storwize_v7000_firmware | 7.8.1.0 | |
| ibm | storwize_v7000 | - | |
| lenovo | storage_v5030_firmware | 7.7.1.6 | |
| lenovo | storage_v5030_firmware | 7.8.1.0 | |
| lenovo | storage_v5030 | - | |
| hp | server_automation | 9.1.0 | |
| hp | server_automation | 10.0.0 | |
| hp | server_automation | 10.1.0 | |
| hp | server_automation | 10.2.0 | |
| hp | server_automation | 10.5.0 | |
| oracle | weblogic_server | 10.3.6.0.0 | |
| oracle | weblogic_server | 12.1.3.0.0 | |
| oracle | weblogic_server | 12.2.1.1.0 | |
| oracle | weblogic_server | 12.2.1.2.0 | |
| arubanetworks | clearpass_policy_manager | * | |
| netapp | oncommand_balance | - |
{ cisaActionDue: "2022-05-03", cisaExploitAdd: "2021-11-03", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Apache Struts Remote Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", matchCriteriaId: "40D3EE72-E37F-4F4C-996D-50E144CF43DD", versionEndExcluding: "2.3.32", versionStartIncluding: "2.2.3", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", matchCriteriaId: "E2F63D06-B26A-4DB6-8B07-B847554ABCA8", versionEndExcluding: "2.5.10.1", versionStartIncluding: "2.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:7.7.1.6:*:*:*:*:*:*:*", matchCriteriaId: "5AB119E1-7736-4C99-AD9C-9E8820769D4F", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:7.8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A8A0C06E-B833-4A52-B1F0-FEC9BEF372A4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:7.7.1.6:*:*:*:*:*:*:*", matchCriteriaId: "F445D22E-8976-4ADC-81FD-49B351B2802A", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:7.8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1B9E6724-8796-4DD5-9CE2-8E602DA893F9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:7.7.1.6:*:*:*:*:*:*:*", matchCriteriaId: "D1D7A801-1861-4479-9367-60F792BF8016", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:7.8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EDF96E49-9530-4718-B5A9-7366D10CC890", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:storage_v5030_firmware:7.7.1.6:*:*:*:*:*:*:*", matchCriteriaId: "371CD28E-6187-4EB1-8B73-645F7A6BFFD6", vulnerable: true, }, { criteria: "cpe:2.3:o:lenovo:storage_v5030_firmware:7.8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "DA0AFFAA-F7AE-416C-A40D-24F972EE18BD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:storage_v5030:-:*:*:*:*:*:*:*", matchCriteriaId: "A2A4179B-51C5-486B-8CFF-D49436D60910", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:server_automation:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "112DFE68-A609-4B76-8227-4DE9CAC25F54", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:server_automation:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "951C042F-9C83-4DBB-8070-A926A1B46591", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:server_automation:10.1.0:*:*:*:*:*:*:*", matchCriteriaId: "AC9404A4-6B73-436E-A8FB-914530D6000A", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:server_automation:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "32AFBE84-5394-49A1-844A-ED964A46ACF7", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:server_automation:10.5.0:*:*:*:*:*:*:*", matchCriteriaId: "38ABFD4F-8E97-4418-A921-BF9F4D95A4A4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B40B13B7-68B3-4510-968C-6A730EB46462", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C93CC705-1F8C-4870-99E6-14BF264C3811", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "29F4C533-DE42-463B-9D80-5D4C85BF1A5B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "3A1728D5-E03B-49A0-849C-B722197AF054", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8D1193B0-59C9-4AC0-BBA0-CED6FCC91883", versionEndExcluding: "6.6.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", matchCriteriaId: "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.", }, { lang: "es", value: "El analizador sintáctico Jakarta Multipart en Apache Struts 2 en versiones 2.3.x anteriores a la 2.3.32 y versiones 2.5.x anteriores a la 2.5.10.1 no maneja correctamente las excepciones y la generación de mensajes de error, lo que permite a atacantes remotos ejecutar comandos arbitrarios a través de una cadena #cmd= en un encabezado HTTP de Content-Type, Content-Disposition o Content-Length manipulado.", }, ], id: "CVE-2017-5638", lastModified: "2025-03-21T21:08:49.543", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2017-03-11T02:59:00.150", references: [ { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", ], url: "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", ], url: "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt", }, { source: "security@apache.org", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "security@apache.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96729", }, { source: "security@apache.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037973", }, { source: "security@apache.org", tags: [ "Exploit", "Press/Media Coverage", ], url: "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/", }, { source: "security@apache.org", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://cwiki.apache.org/confluence/display/WW/S2-045", }, { source: "security@apache.org", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://cwiki.apache.org/confluence/display/WW/S2-046", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://exploit-db.com/exploits/41570", }, { source: "security@apache.org", tags: [ "Broken Link", ], url: "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a", }, { source: "security@apache.org", tags: [ "Broken Link", ], url: "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228", }, { source: "security@apache.org", tags: [ "Exploit", ], url: "https://github.com/mazen160/struts-pwn", }, { source: "security@apache.org", tags: [ "Exploit", "Issue Tracking", ], url: "https://github.com/rapid7/metasploit-framework/issues/8064", }, { source: "security@apache.org", tags: [ "Broken Link", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://isc.sans.edu/diary/22169", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20170310-0001/", }, { source: "security@apache.org", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://struts.apache.org/docs/s2-045.html", }, { source: "security@apache.org", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://struts.apache.org/docs/s2-046.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://support.lenovo.com/us/en/product_security/len-14200", }, { source: "security@apache.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://twitter.com/theog150/status/841146956135124993", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/41614/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/834067", }, { source: "security@apache.org", tags: [ "Broken Link", ], url: "https://www.symantec.com/security-center/network-protection-security-advisories/SA145", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037973", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Press/Media Coverage", ], url: "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://cwiki.apache.org/confluence/display/WW/S2-045", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://cwiki.apache.org/confluence/display/WW/S2-046", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://exploit-db.com/exploits/41570", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/mazen160/struts-pwn", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", ], url: "https://github.com/rapid7/metasploit-framework/issues/8064", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://isc.sans.edu/diary/22169", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20170310-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://struts.apache.org/docs/s2-045.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://struts.apache.org/docs/s2-046.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.lenovo.com/us/en/product_security/len-14200", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://twitter.com/theog150/status/841146956135124993", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/41614/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/834067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://www.symantec.com/security-center/network-protection-security-advisories/SA145", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-755", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-755", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.", }, { lang: "es", value: "Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) podrían permitir que un usuario autenticado obtenga información sensible que no podría leer por no tener la autorización para ello. IBM X-Force ID: 140395.", }, ], id: "CVE-2018-1464", lastModified: "2024-11-21T03:59:52.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.603", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-09-25 01:55
Modified
2025-04-12 10:46
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
References
Impacted products
{ cisaActionDue: "2022-07-28", cisaExploitAdd: "2022-01-28", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:*", matchCriteriaId: "F4DBE402-1B0A-4854-ABE5-891321454C25", versionEndIncluding: "4.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "DCA5A28D-79B6-4F3E-9C98-65D4DFAD8EE7", versionEndExcluding: "4.9.12", versionStartIncluding: "4.9.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "9B1DC7EF-C994-4252-9DFE-DCA63FB17AE0", versionEndExcluding: "4.10.9", versionStartIncluding: "4.10.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "9056776F-03F6-4C3D-8635-37D66FD16EAA", versionEndExcluding: "4.11.11", versionStartIncluding: "4.11.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "AFEE6963-F73F-4B71-B4F8-6E550FBDA5F6", versionEndExcluding: "4.12.9", versionStartIncluding: "4.12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "8296875A-64FA-4592-848A-A923126BD8AF", versionEndExcluding: "4.13.9", versionStartIncluding: "4.13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "816A16AF-1F5E-483A-AA89-3022818FAE43", versionEndExcluding: "4.14.4f", versionStartIncluding: "4.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:4:*:*:*:*:*:*:*", matchCriteriaId: "F8421899-5D10-4C2B-88AA-3DA909FE3E67", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*", matchCriteriaId: "62A2AC02-A933-4E51-810E-5D040B476B7B", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", matchCriteriaId: "D7B037A8-72A6-4DFF-94B2-D688A5F6F876", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*", matchCriteriaId: "BE8B7F1F-22F6-4B10-A6E5-DE44B1D2E649", versionEndExcluding: "4.1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:4.1.1:-:*:*:*:*:*:*", matchCriteriaId: "F407EA72-BA1A-41A2-B699-874304A638A5", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:4.1.1:build_0927:*:*:*:*:*:*", matchCriteriaId: "DDA25903-B334-438B-8196-B9E5119199D1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*", matchCriteriaId: "76F1E356-E019-47E8-AA5F-702DA93CF74E", vulnerable: true, }, { criteria: "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", matchCriteriaId: "F805A106-9A6F-48E7-8582-D3C5A26DFC11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC489F35-07F1-4C3E-80B9-78F0689BC54B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization:3.4:*:*:*:*:*:*:*", matchCriteriaId: "95CE35FC-266F-4025-A0B8-FB853C020800", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*", matchCriteriaId: "6172AF57-B26D-45F8-BE3A-F75ABDF28F49", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", matchCriteriaId: "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", matchCriteriaId: "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*", matchCriteriaId: "6252E88C-27FF-420D-A64A-C34124CF7E6A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*", matchCriteriaId: "8A8E07B7-3739-4BEB-88F8-C7F62431E889", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", matchCriteriaId: "569964DA-31BE-4520-A66D-C3B09D557AB8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "807C024A-F8E8-4B48-A349-4C68CD252CA1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "F96E3779-F56A-45FF-BB3D-4980527D721E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "83737173-E12E-4641-BC49-0BD84A6B29D0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:5.9_s390x:*:*:*:*:*:*:*", matchCriteriaId: "EC5537E1-1E8E-49C5-B4CB-A8E2EE3F5088", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "804DFF9F-BAA8-4239-835B-6182471A224F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.5_s390x:*:*:*:*:*:*:*", matchCriteriaId: "9EE496C0-35F7-44DC-B3F0-71EA3A613C38", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.3_s390x:*:*:*:*:*:*:*", matchCriteriaId: "71179893-49F2-433C-A7AC-687075F9CC1B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "1D4C43D8-02A5-4385-A89E-F265FEEC9E9B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.5_s390x:*:*:*:*:*:*:*", matchCriteriaId: "37ECC029-3D84-4DD7-B28B-E5AD5559CF94", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.6_s390x:*:*:*:*:*:*:*", matchCriteriaId: "F4CBED2A-B6B0-420E-BC40-160930D8662E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.7_s390x:*:*:*:*:*:*:*", matchCriteriaId: "652F7BB0-A6EA-45D0-86D4-49F4CA6C3EE0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.0_ppc:*:*:*:*:*:*:*", matchCriteriaId: "29BBF1AC-F31F-4251-8054-0D89A8E6E990", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.9_ppc:*:*:*:*:*:*:*", matchCriteriaId: "C52A4A2F-6385-4E5F-B2C7-0EF7267546F6", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "6D8D654F-2442-4EA0-AF89-6AC2CD214772", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.4_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "D8ED0658-5F8F-48F0-A605-A2205DA27DA5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "8BCF87FD-9358-42A5-9917-25DF0180A5A6", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.5_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "C385DA76-4863-4D39-84D2-9D185D322365", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "188019BF-3700-4B3F-BFA5-553B2B545B7F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "9B8B2E32-B838-4E51-BAA2-764089D2A684", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "4319B943-7B19-468D-A160-5895F7F997A3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "39C1ABF5-4070-4AA7-BAB8-4F63E1BD91FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "8036E2AE-4E44-4FA5-AFFB-A3724BFDD654", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*", matchCriteriaId: "634C23AC-AC9C-43F4-BED8-1C720816D5E3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", matchCriteriaId: "37CE1DC7-72C5-483C-8921-0B462C8284D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", matchCriteriaId: "54D669D4-6D7E-449D-80C1-28FA44F06FFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:*:*:*:*:*:*:*", matchCriteriaId: "BB6ADFB8-210D-4E46-82A2-1C8705928382", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*", matchCriteriaId: "92C9F1C4-55B0-426D-BB5E-01372C23AF97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", matchCriteriaId: "AD6D0378-F0F4-4AAA-80AF-8287C790EC96", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", matchCriteriaId: "AF83BB87-B203-48F9-9D06-48A5FE399050", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", matchCriteriaId: "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "98381E61-F082-4302-B51F-5648884F998B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:*:*:*:*:*:*:*", matchCriteriaId: "8821E5FE-319D-40AB-A515-D56C1893E6F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*", matchCriteriaId: "0AE981D4-0CA1-46FA-8E91-E1A4D5B31383", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:*:*:*:*:*:*:*", matchCriteriaId: "F732C7C9-A9CC-4DEF-A8BE-D0F18C944C78", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", matchCriteriaId: "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", matchCriteriaId: "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*", matchCriteriaId: "74BCA435-7594-49E8-9BAE-9E02E129B6C0", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", matchCriteriaId: "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", matchCriteriaId: "3ED68ADD-BBDA-4485-BC76-58F011D72311", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", matchCriteriaId: "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*", matchCriteriaId: "CED02712-1031-4206-AC4D-E68710F46EC9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", matchCriteriaId: "35BBD83D-BDC7-4678-BE94-639F59281139", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:-:*:*", matchCriteriaId: "7F4AF9EC-7C74-40C3-A1BA-82B80C4A7EE0", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", matchCriteriaId: "CB6476C7-03F2-4939-AB85-69AA524516D9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", matchCriteriaId: "E534C201-BCC5-473C-AAA7-AAB97CEB5437", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", matchCriteriaId: "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", matchCriteriaId: "15FC9014-BD85-4382-9D04-C0703E901D7A", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", matchCriteriaId: "2F7F8866-DEAD-44D1-AB10-21EE611AA026", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", matchCriteriaId: "1831D45A-EE6E-4220-8F8C-248B69520948", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:8.2:*:*:*:*:*:*:*", matchCriteriaId: "94C9C346-6DEC-4C72-9F59-BB3BEC42B551", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:9.0:*:*:*:*:*:*:*", matchCriteriaId: "2071DABB-7102-47F2-A15F-A6C03607D01F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:9.1:*:*:*:*:*:*:*", matchCriteriaId: "A8661E86-E075-427F-8E05-7A33811A3A76", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:pureapplication_system:*:*:*:*:*:*:*:*", matchCriteriaId: "BEFCC35D-1C83-4CA5-8B1D-9A637613AD7E", versionEndIncluding: "1.0.0.4", versionStartIncluding: "1.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:pureapplication_system:*:*:*:*:*:*:*:*", matchCriteriaId: "054736AF-96E0-491D-B824-CC4A35B76E14", versionEndIncluding: "1.1.0.4", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:pureapplication_system:2.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "575894EE-F13C-4D56-8B63-59A379F63BD2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_risk_manager:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0E476AEB-AD38-4033-8426-DC502497D75A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3C062C89-5DC2-46EE-A9D3-23E7539A5DAF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:mr1:*:*:*:*:*:*", matchCriteriaId: "20981443-6A64-4852-B2CB-3299927C6F78", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:mr2:*:*:*:*:*:*", matchCriteriaId: "59761BB8-FCC7-4D15-88A8-82076CCF196F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:-:*:*:*:*:*:*", matchCriteriaId: "CF399B2E-8413-4B80-A0C0-E61E8A0A8604", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p1:*:*:*:*:*:*", matchCriteriaId: "230EBA53-66AF-432B-B4C1-08D8FC903B2B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p2:*:*:*:*:*:*", matchCriteriaId: "789F398A-5CB2-48F8-AF8F-05BF0A8E04B9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p3:*:*:*:*:*:*", matchCriteriaId: "EF102659-B067-473E-AA37-EA90A82D1864", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:-:*:*:*:*:*:*", matchCriteriaId: "81DF915D-D764-4C21-B213-0ADFD844E9DB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p1:*:*:*:*:*:*", matchCriteriaId: "C29A4119-A992-4713-85D6-4FDED7CD416A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p10:*:*:*:*:*:*", matchCriteriaId: "4CA59C9D-74C2-4AFC-B1D1-1BC305FD493B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p11:*:*:*:*:*:*", matchCriteriaId: "5720A37E-1DB5-45BA-9FDE-0EAEFE1F2257", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p12:*:*:*:*:*:*", matchCriteriaId: "F03006B7-037B-491F-A09F-DEB2FF076754", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p13:*:*:*:*:*:*", matchCriteriaId: "FE78AED4-AD60-406C-82E0-BA52701B49BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p2:*:*:*:*:*:*", matchCriteriaId: "3D0B71F0-CCED-4E23-989A-3E9E2D71307C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p3:*:*:*:*:*:*", matchCriteriaId: "5CF8FC22-C556-451C-B928-F5AF8DF4BF45", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p4:*:*:*:*:*:*", matchCriteriaId: "081D3B14-45F6-4F96-944B-94D967FEFA26", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p5:*:*:*:*:*:*", matchCriteriaId: "DE2C36B5-43F8-401B-B420-1FA5F13A4D6C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p6:*:*:*:*:*:*", matchCriteriaId: "D922DC5A-63F6-4188-BCDE-BB987402E47E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p7:*:*:*:*:*:*", matchCriteriaId: "BFD5737C-AAE8-4C8D-BCFE-FFDF5DA4221C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p8:*:*:*:*:*:*", matchCriteriaId: "C2BCC22C-A32B-4945-AFBC-777DBE248FB8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p9:*:*:*:*:*:*", matchCriteriaId: "92F92890-63B0-4918-A147-8852B6E2FA8A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2:*:*:*:*:*:*:*", matchCriteriaId: "8016ECD3-4417-47A8-9493-C9F9EDF5FAA5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:-:*:*:*:*:*:*", matchCriteriaId: "ED0B143A-5386-4375-AEB2-48619B2B1EF3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p1:*:*:*:*:*:*", matchCriteriaId: "E7ECA734-9E95-484F-B880-2491A0E2531B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p2:*:*:*:*:*:*", matchCriteriaId: "5D7CD9E9-033C-44B8-A68C-47AC260873E1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p3:*:*:*:*:*:*", matchCriteriaId: "07B660DC-A94F-48F0-A2F4-1C39CC4751A5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:-:*:*:*:*:*:*", matchCriteriaId: "44D355AE-A8C0-4D7B-87FE-5D4138B6BB2E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p1:*:*:*:*:*:*", matchCriteriaId: "329C8551-98D1-4255-B598-9E75A071C186", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p2:*:*:*:*:*:*", matchCriteriaId: "FD0687B7-F374-4368-AD9E-041123B23A6C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p3:*:*:*:*:*:*", matchCriteriaId: "D0330E77-454E-4E77-9628-50681B748491", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:-:*:*:*:*:*:*", matchCriteriaId: "3863726E-15AD-4A47-85CB-0C9965E76EF1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p1:*:*:*:*:*:*", matchCriteriaId: "5C07D9DC-E6C1-4FB0-86F1-144FD51B08CD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p2:*:*:*:*:*:*", matchCriteriaId: "3105129C-8FE8-4BF0-8CB9-A7F3F7FE1107", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p3:*:*:*:*:*:*", matchCriteriaId: "D1F35447-889F-4CE9-9473-87046B4707EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p4:*:*:*:*:*:*", matchCriteriaId: "A3A5DFC0-BBD7-430C-A026-E1F34E08894D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:-:*:*:*:*:*:*", matchCriteriaId: "141E8F6A-3998-4F22-A717-3F52BC998F97", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p1:*:*:*:*:*:*", matchCriteriaId: "F09AA197-BB55-4CF0-AC29-4449C07DE510", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p2:*:*:*:*:*:*", matchCriteriaId: "3E468E33-B183-4830-97E2-EAF9FD3758E9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p3:*:*:*:*:*:*", matchCriteriaId: "738C8F2B-3D3E-4E1F-977A-05D3A39F115D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p4:*:*:*:*:*:*", matchCriteriaId: "1ED03E83-909B-423F-81F2-34AB7F24BBE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:-:*:*:*:*:*:*", matchCriteriaId: "9778E8AA-A034-4B04-A42E-6A182378C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p1:*:*:*:*:*:*", matchCriteriaId: "AEE15598-4064-4E31-86BA-7851AA4B76C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p2:*:*:*:*:*:*", matchCriteriaId: "59FE3789-FB47-4939-B9AA-86D203445526", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p3:*:*:*:*:*:*", matchCriteriaId: "2F96389A-82B9-42DE-8E93-D2B2EE610F7A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p4:*:*:*:*:*:*", matchCriteriaId: "3131CDA5-1C4D-489C-8788-FA396F8ADB2C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p5:*:*:*:*:*:*", matchCriteriaId: "DCC7DF3E-658C-41D7-A4AC-433440A02092", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p6:*:*:*:*:*:*", matchCriteriaId: "EEBB12B8-4EF6-42B9-9D28-A9CA129B0FBA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:-:*:*:*:*:*:*", matchCriteriaId: "279C30FB-EA1C-4D1D-A37E-F1EEF79F19F4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p1:*:*:*:*:*:*", matchCriteriaId: "D6870C1E-E4A4-4666-89DB-D72C8100D27E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p2:*:*:*:*:*:*", matchCriteriaId: "BE183CA0-FFBB-4746-8BBE-5D1910DD2100", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p3:*:*:*:*:*:*", matchCriteriaId: "D04B5EBF-C94C-4A44-9A7E-75623CAF832C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p4:*:*:*:*:*:*", matchCriteriaId: "5723FDF4-198B-488E-B075-F528EC6E4D18", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p5:*:*:*:*:*:*", matchCriteriaId: "7E23A972-5BCA-4C7E-B6F9-AD54992861A2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p6:*:*:*:*:*:*", matchCriteriaId: "1D00AFC9-8A9C-4BB1-9E60-BC6D552DC8E0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:-:*:*:*:*:*:*", matchCriteriaId: "BFE4D0FF-6445-4E14-9536-ADB32662B346", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p1:*:*:*:*:*:*", matchCriteriaId: "C7FC4FDA-1C8D-4D7A-B5EA-D905FA830805", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p2:*:*:*:*:*:*", matchCriteriaId: "753AA0F3-09F4-4E34-8E72-FAFD8BFE18EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p3:*:*:*:*:*:*", matchCriteriaId: "9AC763FD-C143-4CA3-9A24-D50C9ED243D5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p4:*:*:*:*:*:*", matchCriteriaId: "299C6CBE-905F-4E59-AF2F-89A1CD767916", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p5:*:*:*:*:*:*", matchCriteriaId: "78538461-1B7E-4712-AA8D-D2EA3477635B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p6:*:*:*:*:*:*", matchCriteriaId: "E3FF46F1-EF19-49D7-9EDD-44441C1A3F94", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p7:*:*:*:*:*:*", matchCriteriaId: "D9F91FB6-7D8F-4D89-B6BA-2C6DF15B9A51", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:-:*:*:*:*:*:*", matchCriteriaId: "5725106C-A650-4C24-9636-1200BD44CCA4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p1:*:*:*:*:*:*", matchCriteriaId: "F1501425-96F7-487B-9588-FDA2DAC3790A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p2:*:*:*:*:*:*", matchCriteriaId: "48D95998-9434-4AFF-9983-0D7AC34176A3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p3:*:*:*:*:*:*", matchCriteriaId: "D60BB309-860D-4D74-B08F-F94AFE84C881", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p4:*:*:*:*:*:*", matchCriteriaId: "F63E864E-6323-41B4-956F-51F9364DFAE2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:-:*:*:*:*:*:*", matchCriteriaId: "EC724282-7431-465E-8E60-4037121B8838", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p1:*:*:*:*:*:*", matchCriteriaId: "73151221-C102-4425-9316-1EE4CAAB6531", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p10:*:*:*:*:*:*", matchCriteriaId: "D1E9DDCD-6D22-4175-94EF-D8A5457E7355", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p11:*:*:*:*:*:*", matchCriteriaId: "35AB906F-43CD-4D54-8274-1FD551532E58", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p12:*:*:*:*:*:*", matchCriteriaId: "1ADC75F0-B27E-4B15-B829-482FBA0063A5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p13:*:*:*:*:*:*", matchCriteriaId: "D015D670-8AEA-49A3-8D22-9E3009322EB0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p14:*:*:*:*:*:*", matchCriteriaId: "C18F3CC3-9BCF-4DE8-B7CA-59587D5E61F5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p15:*:*:*:*:*:*", matchCriteriaId: "E543BC0F-ADFB-4CF2-BC6C-90DC76BE3A95", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p16:*:*:*:*:*:*", matchCriteriaId: "28CE650B-BE03-4EDF-BE27-2FA6657F7A52", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p2:*:*:*:*:*:*", matchCriteriaId: "2356A4E6-561B-40CA-8348-B30D581B1E46", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p3:*:*:*:*:*:*", matchCriteriaId: "74509F3F-840E-48B8-88B1-EA4FFB90ACC3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p4:*:*:*:*:*:*", matchCriteriaId: "BE7BD528-628F-4CA9-9FE8-8A79BDC97680", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p5:*:*:*:*:*:*", matchCriteriaId: "26118C2B-78CC-4038-9DEA-7A9417029790", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p6:*:*:*:*:*:*", matchCriteriaId: "29EBC1DD-6949-4B12-8CA5-EE2BCDB8C4C3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p7:*:*:*:*:*:*", matchCriteriaId: "4F445D93-D482-4A74-810D-66D78CBCAFED", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p8:*:*:*:*:*:*", matchCriteriaId: "2C9F200C-ECC9-4D51-AFE7-E99C16D09148", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p9:*:*:*:*:*:*", matchCriteriaId: "56B87CB5-0F77-4040-BB58-9DBF5723A4FD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8.15:*:*:*:*:*:*:*", matchCriteriaId: "F4B3321B-11AD-43EB-867C-FA4FA6A5421E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.9:*:*:*:*:*:*:*", matchCriteriaId: "DFB104CA-55CD-4B9E-A2F7-CC06E57663CB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "4975223D-9E31-4CEC-A4B6-C0996828B855", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.1:*:*:*:*:*:*:*", matchCriteriaId: "22E0F4A7-B8BD-42D1-92DB-2B510FFC9C36", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.2:*:*:*:*:*:*:*", matchCriteriaId: "C15C820B-4778-4B8F-8BD8-E996F1D4062D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.3:*:*:*:*:*:*:*", matchCriteriaId: "A42E70EE-2E23-4D92-ADE0-9177B9EDD430", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.4:*:*:*:*:*:*:*", matchCriteriaId: "01C91446-4A36-4FCE-A973-3E6F813FABC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p1:*:*:*:*:*:*", matchCriteriaId: "58281E62-E350-4B0D-9322-8BA1E1773CB2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p2:*:*:*:*:*:*", matchCriteriaId: "BF1A152E-5795-4319-BD4D-855DE19C744C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p3:*:*:*:*:*:*", matchCriteriaId: "438FCE7F-035A-4D89-96FE-EE5278C85493", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p4:*:*:*:*:*:*", matchCriteriaId: "80900F2C-7CFA-4C40-A6B5-51E12C3DA187", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p5:*:*:*:*:*:*", matchCriteriaId: "DDE9A060-1D4D-46E5-A34F-CC4CFA260D94", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p6:*:*:*:*:*:*", matchCriteriaId: "33F900E6-AE47-4789-A337-70C6BEF22895", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p7:*:*:*:*:*:*", matchCriteriaId: "AD2E5054-2151-414D-A88F-6697FF280D41", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:-:*:*:*:*:*:*", matchCriteriaId: "3EB09361-372E-4F51-B255-C7D2DB41969F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p1:*:*:*:*:*:*", matchCriteriaId: "A36D6991-3728-4F60-A443-37652DFAA053", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p10:*:*:*:*:*:*", matchCriteriaId: "4142CC4E-9F0D-4017-8D17-D59FBCEB36F1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p11:*:*:*:*:*:*", matchCriteriaId: "63C0F7CA-5F3C-41D4-AAD6-084643115D85", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p12:*:*:*:*:*:*", matchCriteriaId: "1D16C66D-15BF-4EB8-8D78-DF12A69BD7F8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p13:*:*:*:*:*:*", matchCriteriaId: "81C388DC-0941-4D08-8C1C-BD43D9B0DC8F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p14:*:*:*:*:*:*", matchCriteriaId: "45CD14D8-665A-46C5-8387-33FF266822A7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p15:*:*:*:*:*:*", matchCriteriaId: "D510329D-B39E-4E2B-AAEC-1FDA7869C9E0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p16:*:*:*:*:*:*", matchCriteriaId: "4640FE06-4D22-442E-A0E0-76EEFAF6ECB4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p17:*:*:*:*:*:*", matchCriteriaId: "6A846C69-CA94-4F5E-9E02-69EA6680549E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p2:*:*:*:*:*:*", matchCriteriaId: "F3E63ECF-25CB-4E7F-BF51-B4D7B3541AE6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p3:*:*:*:*:*:*", matchCriteriaId: "FF14DD4F-6779-4B17-AB1B-D4DE58E7E231", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p4:*:*:*:*:*:*", matchCriteriaId: "7AAEE176-631A-41B9-BC40-93F866DA9D5E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p5:*:*:*:*:*:*", matchCriteriaId: "75C963D5-F2D1-49EE-93B5-CA7FE7EAB98C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p6:*:*:*:*:*:*", matchCriteriaId: "9388D932-9818-4A68-9543-B0643166DB2A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p7:*:*:*:*:*:*", matchCriteriaId: "770A9287-C910-4690-9402-0C0B7BAC8912", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p8:*:*:*:*:*:*", matchCriteriaId: "3F8AC068-D5AC-4042-8A7C-5B95EA0E85F5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p9:*:*:*:*:*:*", matchCriteriaId: "B503F1F7-F439-420D-B465-9A51CCECAB06", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_entry_appliance:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "27948B08-C452-41FB-B41F-6ADB3AAE087E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_entry_appliance:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "8AB8FB4C-5BBC-420D-84F0-C8424DC25CD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_entry_appliance:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CAF1F14C-DB2C-40A8-B899-C127C7ECC0D5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_entry_appliance:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "E87FA9CC-D201-430F-8FE6-8C9A88CEAB1C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_provisioning:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4D7F2743-71BB-4011-B919-7E8032B6B72F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:*:*:*:*:kvm:*:*:*", matchCriteriaId: "3738FAC6-B90B-4014-9E86-17ED6D19D23D", versionEndExcluding: "1.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:*:*:*:*:openflow:*:*:*", matchCriteriaId: "35B6634E-4F09-423C-87E7-59D4127CC023", versionEndExcluding: "1.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:*:*:*:*:vmware:*:*:*", matchCriteriaId: "0A7A7100-A1DA-4191-A4C1-D930829A3DC2", versionEndExcluding: "1.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:starter_kit_for_cloud:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "83739ED7-37F1-4712-8C81-E56F58790240", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:workload_deployer:*:*:*:*:*:*:*:*", matchCriteriaId: "1CDD227E-1F98-4F73-BB65-3820F39127F0", versionEndIncluding: "3.1.0.7", versionStartIncluding: "3.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "EA4B8E11-83D3-4B38-90B6-4C0F536D06B6", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AFD6FF12-A3AD-4D2B-92EB-44D20AF4DD9D", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "AD7C3FED-3B2F-4EC9-9A9B-05EFDB0AA56B", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "250AF7A4-8DDF-427C-8BF7-788667908D77", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "22433CE0-9772-48CE-8069-612FF3732C21", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "2569AA28-5C61-4BBD-A501-E1ACFA36837B", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3AB188A2-D7CE-4141-A55A-C074C84E366E", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "DE776097-1DA4-4F27-8E96-61E3D9FFE8D0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "FE4E5283-0FEE-4F37-9C41-FA695063FF79", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*", matchCriteriaId: "39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*", matchCriteriaId: "73EB6121-62CD-49FC-A1D2-5467B007253C", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97E19969-DD73-42F2-9E91-504E1663B268", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F9CC2E05-5179-4241-A710-E582510EEB0D", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3CB18F38-AC6A-406A-A4DD-40688B803744", versionEndExcluding: "1.4.3.5", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DFE781C8-40F7-4F6D-8FED-8EB3071FE9DB", versionEndExcluding: "1.5.0.4", versionStartIncluding: "1.5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5AB3395-B458-49F8-A8E3-25FF0C1C3BD3", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1EC57FAE-AD4D-4C9F-97A4-581C977B5FE4", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47A17EE0-7D3E-4CD7-984C-BB17BF6F4BFD", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33A46CF2-392A-4BB9-B4BF-DE8C5228CAAE", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C4EF774-BD92-444D-9583-25DB97CDA4F3", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8753BBDB-A858-4A51-A8FD-8DF8DF2734A0", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0FB9850A-3308-4277-A68C-AD418612101E", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C84D7A48-6745-49D3-AE52-31DD7EEC0D61", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4A1A3A3E-5636-4422-9B7B-B3D97989E674", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7384B993-049F-48D7-86D6-FE221C783245", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B1DF6129-9CEA-4812-800F-A6FD5095D60E", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:flex_system_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "79788A89-4152-4B4B-BFF0-518D90EE4D2B", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:flex_system_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "680738C5-63D5-4F60-9610-FD0D87FCBBCA", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:flex_system_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "872E2102-6BE6-42B6-93B0-942B7DABCBDA", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:flex_system_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "DACA26CF-7C3F-4215-B032-ED9C5EFD57D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E6E31991-DF33-4F00-8430-7B626E8174CE", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B2E25BB0-6F5A-4A7B-9147-D4E17014C747", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B80C1675-4948-45DC-B593-EDB1354E42F3", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:stn6500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1CE69F8D-5EEE-4BC7-939C-CE71BCD2E11D", versionEndExcluding: "3.8.0.07", versionStartIncluding: "3.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn6500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDEC166F-A967-4616-B9EF-503054EFD197", versionEndExcluding: "3.9.1.08", versionStartIncluding: "3.9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn6500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "713E71BC-16F5-41E3-9816-74D5E8D8C9A9", versionEndExcluding: "4.1.2.06", versionStartIncluding: "4.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:stn6500:-:*:*:*:*:*:*:*", matchCriteriaId: "4D2487E0-046C-476F-BFF4-EF77D9E856D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:stn6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0287F3CD-2151-491D-8BC3-6D3921BE8FFA", versionEndExcluding: "3.8.0.07", versionStartIncluding: "3.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C4179899-87B4-42C3-8245-9A34EC04F6A1", versionEndExcluding: "3.9.1.08", versionStartIncluding: "3.9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B8CED766-9742-4037-8005-F0BDDE9176DD", versionEndExcluding: "4.1.2.06", versionStartIncluding: "4.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:stn6800:-:*:*:*:*:*:*:*", matchCriteriaId: "C41EEAEC-08AE-4478-8977-5A4D7B48C175", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:stn7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "298C961D-5E5F-4277-B192-A4C29243BECC", versionEndExcluding: "3.8.0.07", versionStartIncluding: "3.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E5A76C40-BA90-4FBD-8DFF-4AF8F952963A", versionEndExcluding: "3.9.1.08", versionStartIncluding: "3.9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B0663FBC-01C0-4AD8-A0B8-6097E537D352", versionEndExcluding: "4.1.2.06", versionStartIncluding: "4.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:stn7800:-:*:*:*:*:*:*:*", matchCriteriaId: "CE145DE3-3C9B-4949-B6D4-9B259372CCE0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", matchCriteriaId: "01EDA41C-6B2E-49AF-B503-EB3882265C11", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:10.3:*:*:*:*:*:*:*", matchCriteriaId: "0ABC25E5-76CD-469B-879A-B1F7109D0181", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:11:*:*:*:*:*:*:*", matchCriteriaId: "98942F6C-330F-459A-B2B4-72572DB4070E", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:11.1:*:*:*:*:*:*:*", matchCriteriaId: "F5A92B0C-7256-45F0-8E0C-ADFEF36CF43D", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:11.2:*:*:*:*:*:*:*", matchCriteriaId: "8C0BAB94-6521-4B57-9E56-A57BA5E20C24", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3A7788E5-93B9-4149-8823-2ACBA5CF17E0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:open_enterprise_server:2.0:sp3:*:*:*:linux_kernel:*:*", matchCriteriaId: "B41B4ECD-6F30-46F5-A559-1CEFC7964873", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:open_enterprise_server:11.0:sp2:*:*:*:linux_kernel:*:*", matchCriteriaId: "D42ADCD9-1455-401C-B94F-D367A78A2B97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:checkpoint:security_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "2853A787-E5F1-4455-9482-7C538B80556C", versionEndExcluding: "r77.30", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "79618AB4-7A8E-4488-8608-57EC2F8681FE", versionEndIncluding: "10.2.4", versionStartIncluding: "10.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8E910D60-1145-4229-9890-80D2D67C3845", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CFA77C6B-72DB-4D57-87CF-11F2C7EDB828", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "48BBEF73-E87D-467F-85EB-47BE212DF0E8", versionEndIncluding: "11.5.1", versionStartIncluding: "11.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B276E4DF-69FC-4158-B93A-781A45605034", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "EE23220D-E364-41B7-A440-43B3AA4A716A", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B70D2BD5-8E3F-4B57-84EF-3AF40F6378F1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C483253F-841E-4D4E-9B4A-932E9D07268B", versionEndIncluding: "11.5.1", versionStartIncluding: "11.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B40837-EC2B-41FB-ACC3-806054EAF28C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "667D3780-3949-41AC-83DE-5BCB8B36C382", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "4F0E7766-BDB4-42AB-B6CC-6B4E86A10038", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "475F0EF8-42CB-4099-9C4A-390F946C4924", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "A8347412-DC42-4B86-BF6E-A44A5E1541ED", versionEndIncluding: "10.2.4", versionStartIncluding: "10.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "C8942D9D-8E3A-4876-8E93-ED8D201FF546", versionEndIncluding: "11.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "7B5AF8C8-578E-4FD7-8BAA-53A57EE4C653", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "06BA93C0-A7AE-4A8E-BD74-08149A204463", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "D7D7863D-B064-4D7A-A66B-C3D3523425FD", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "1DF6BB8A-FA63-4DBC-891C-256FF23CBCF0", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "3E0D8F52-0EAD-4E02-A8D8-CBAE2CDC703B", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "5CDEC701-DAB3-4D92-AA67-B886E6693E46", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "289CEABB-22A2-436D-AE4B-4BDA2D0EAFDB", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C6D61BF2-69D8-4AD2-85CD-D87F640A6888", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "2FF5A5F6-4BA3-4276-8679-B5560EACF2E0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E9A06D61-E6CB-4A8A-B06D-9FEA1812C167", versionEndIncluding: "11.5.1", versionStartIncluding: "11.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CB8D3B87-B8F5-490A-B1D9-04F2EE93EEA3", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "2C0B4C01-C71E-4E35-B63A-68395984E033", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "9828CBA5-BB72-46E2-987D-633A5B3E2AFF", versionEndIncluding: "11.4.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "BB60C39D-52ED-47DD-9FB9-2B4BC8D9F8AC", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "68BC025A-D45E-45FB-A4E4-1C89320B5BBE", versionEndIncluding: "11.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "AE007A64-5867-4B1A-AEFB-3AB2CD6A5EA4", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "7C75978B-566B-4353-8716-099CB8790EE0", versionEndIncluding: "11.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "BC24B891-6DBA-4C02-B4CF-8D1CA53B4B74", versionEndIncluding: "4.4.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:*:*:*:*:*:*:*:*", matchCriteriaId: "0BB0FDAC-C49D-4E63-ACA9-7BAD7C93A5D2", versionEndIncluding: "4.4.0", versionStartIncluding: "4.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:*:*:*:*:*:*:*:*", matchCriteriaId: "3AEB1FC5-1179-4DE9-99A2-D650167A7A60", versionEndIncluding: "4.4.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:enterprise_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0ADD1B04-9F78-40B3-8314-6935277073B0", versionEndIncluding: "2.3.0", versionStartIncluding: "2.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:enterprise_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "482E630B-93A1-4B9B-8273-821C116ADC4F", versionEndIncluding: "3.1.1", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "1343FBDC-4BF0-403B-B257-96672F092263", versionEndIncluding: "4.0.5", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "7C138527-73D3-4AEE-BFAB-1D240A585A0F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "8F2EB3D6-EF4C-4241-A31E-3990664004A7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8F0CD8F8-26CE-43F0-87EB-A08F1D1EDB25", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1D1168D2-93D5-4415-A666-B4BE0B2AC201", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:f5:arx_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48A2FBA9-207F-4F16-932D-BF0BA3440503", versionEndIncluding: "6.4.0", versionStartIncluding: "6.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:f5:arx:-:*:*:*:*:*:*:*", matchCriteriaId: "4C6AC80F-9D91-468D-BEE3-6A0759723673", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_sdx_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FF1DB4B7-AFCC-4D56-95BA-C66AB7A36680", versionEndExcluding: "9.3.67.5r1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_sdx_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "665EF643-3CDC-4518-9693-0D49F0870283", versionEndExcluding: "10.1.129.11r1", versionStartIncluding: "10", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_sdx_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BAE3CC45-49E5-40DE-B5C3-52A754A9C599", versionEndExcluding: "10.5.52.11r1", versionStartIncluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_sdx:-:*:*:*:*:*:*:*", matchCriteriaId: "8968E39A-1E16-4B7F-A16A-190EBC20D04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "864B5480-704F-4636-A938-7D95AD4223AD", versionEndExcluding: "10.10.0", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.0:*:*:*:*:*:*:*", matchCriteriaId: "35D34345-0AD1-499C-9A74-982B2D3F305A", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.0:update_1:*:*:*:*:*:*", matchCriteriaId: "3DF3F07E-6F4E-4B97-B313-7DA3E8A88451", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.0:update_2:*:*:*:*:*:*", matchCriteriaId: "5C98B0EA-7A52-4BDF-90C2-38797FC2B75A", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.1:*:*:*:*:*:*:*", matchCriteriaId: "FECF06B5-3915-48F0-A140-41C7A27EE99D", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.1:update_1:*:*:*:*:*:*", matchCriteriaId: "BBD8B161-0A07-492F-89E4-7A0BD02F6464", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.1:update_2:*:*:*:*:*:*", matchCriteriaId: "F3E8E0E1-FF63-425D-8C22-86B16CFB7B1A", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.5:-:*:*:*:*:*:*", matchCriteriaId: "29DF8DD7-B5CC-4152-A726-1D48459068D0", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.5:update_1:*:*:*:*:*:*", matchCriteriaId: "DB2E2AAD-E221-4227-A41B-DC01BFDFCD6C", vulnerable: true, }, { criteria: "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*", matchCriteriaId: "BC337BB7-9A45-4406-A783-851F279130EE", vulnerable: true, }, { criteria: "cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*", matchCriteriaId: "0B6BA46F-4E8C-4B2A-AE92-81B9F1B4D56C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.", }, { lang: "es", value: "GNU Bash hasta 4.3 bash43-025 procesa cadenas finales después de la definición malformada de funciones en los valores de variables de entorno, lo que permite a atacantes remotos escribir hacia ficheros o posiblemente tener otro impacto desconocido a través de un entorno manipulado, tal y como se ha demostrado por vectores que involucran la característica ForceCommand en sshd OpenSSH, los módulos mod_cgi y mod_cgid en el Apache HTTP Server, scripts ejecutados por clientes DHCP no especificados, y otras situaciones en la cual establecer el entorno ocurre a través de un límite privilegiado de la ejecución de Bash. Nota: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-6271.", }, ], id: "CVE-2014-7169", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2014-09-25T01:55:04.367", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2014-0393.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-1306.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-3075.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-3077.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-3078.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1306.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1311.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1312.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/58200", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/59272", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/59737", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/59907", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60024", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60034", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60044", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60055", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60063", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60193", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60325", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60433", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60947", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61065", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61128", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61129", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61188", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61283", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61287", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61291", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61312", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61313", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61328", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61442", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61471", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61479", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61485", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61503", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61550", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61552", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61565", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61603", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61618", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61619", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61622", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61626", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61633", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61641", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61643", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61654", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61676", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61700", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61703", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61711", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61715", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61780", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61816", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61855", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61857", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61873", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/62228", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/62312", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/62343", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT6495", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://support.novell.com/security/cve/CVE-2014-7169.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://twitter.com/taviso/statuses/514887394294652929", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-3035", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/252743", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2014/09/24/32", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2363-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2363-2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/articles/1200223", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/node/1200223", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT6535", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.citrix.com/article/CTX200217", }, { source: "cve@mitre.org", tags: [ "Permissions Required", ], url: "https://support.citrix.com/article/CTX200223", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/34879/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.suse.com/support/shellshock/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2014-0393.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-1306.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-3075.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-3077.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-3078.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1306.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1311.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1312.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/58200", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/59272", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/59737", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/59907", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60055", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60063", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60193", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60325", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60433", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60947", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61065", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61129", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61188", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61291", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61313", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61328", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61442", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61471", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61479", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61485", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61503", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61550", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61552", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61565", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61603", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61618", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61619", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61622", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61633", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61643", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61654", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61676", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61700", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61703", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61711", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61715", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61780", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61816", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61855", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61857", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61873", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/62228", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/62312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/62343", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT6495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.novell.com/security/cve/CVE-2014-7169.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://twitter.com/taviso/statuses/514887394294652929", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-3035", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/252743", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2014/09/24/32", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2363-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2363-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/articles/1200223", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/node/1200223", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT6535", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.citrix.com/article/CTX200217", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://support.citrix.com/article/CTX200223", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/34879/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.suse.com/support/shellshock/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.", }, { lang: "es", value: "Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) podrían permitir que un usuario autenticado acceda a archivos del sistema a los que no debería tener acceso, incluyendo la eliminación de archivos o provocar una denegación de servicio (DoS). IBM X-Force ID: 140363.", }, ], id: "CVE-2018-1462", lastModified: "2024-11-21T03:59:52.127", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.493", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140363", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140363", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.", }, { lang: "es", value: "En los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1), web handler /DownloadFile no requiere autenticación para leer archivos arbitrarios del sistema. IBM X-Force ID: 139473.", }, ], id: "CVE-2018-1433", lastModified: "2024-11-21T03:59:48.683", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.243", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139473", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139473", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.", }, { lang: "es", value: "En los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1), web handler /DLSnap podría permitir que un atacante no autenticado lea archivos arbitrarios del sistema. IBM X-Force ID: 139566.", }, ], id: "CVE-2018-1438", lastModified: "2024-11-21T03:59:49.253", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.387", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139566", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139566", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-17 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D89606B4-1FED-4E6D-A9C4-743AD4370F13", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B321B55-5FFC-45E5-9321-9597E7A94A82", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4ACA74-BAB6-47D1-BC50-8F07C4747462", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CD4279C-71D2-486B-90B8-10A1EC76A0F5", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6489151B-4186-4053-85F0-46D2B1B1757C", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB9F3B31-D576-4409-9169-1E75817F9B8A", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1CC99A-766D-424F-B326-B37730E3DA2C", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC5E991F-8158-4D5C-A386-758F66A6BF30", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21E4C68D-88AA-435C-847B-3240E1A01FFD", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B1B3F80-E9E5-42D5-8E90-3121C6D68CFC", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EBC87F57-1CA7-407D-900F-1D4446F90622", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D60A6F64-CD2A-47E0-8042-ABB652CD91C8", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5FBC1E8-ACE9-443C-8C9F-5699D49AFD0F", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4008901C-02BF-4E06-BAFD-478F4DD617C4", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A57126DD-E859-445F-BD4D-319E274E2C57", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEABCC87-2B83-40CA-B294-1DA05B0D3B73", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD485024-AF76-4DCA-96EC-6B53B884FD7F", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6520AA-BE3E-4201-9801-6CCB44C32A44", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334EAB80-5459-4B63-97E1-2037CEEA0F7D", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69D74D0E-3687-47C7-A5A6-D9236DAA36B1", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9AE767-4FD6-4B67-BDB7-0791DB021730", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94970CE9-7966-425F-A4EA-5A0CC6370ADF", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F85EE26-3790-444F-85E2-22DAEDDEA551", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACB73340-A00E-49F1-B35D-B0BA587E415B", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35C17D90-428F-4429-89B3-79CEB57BCB18", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*", matchCriteriaId: "EE318865-39E2-4C29-AC4C-5FF8A915BF1E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0628E9DA-BE99-40DE-9A5C-A4E6B85C3FCA", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30B8D1B8-FBE8-4A9E-987C-CC71B8F73AE2", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A76939A-1F90-4D2F-A746-2C4B2FBB438C", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D054887-113F-484B-9C38-50C01F2FD5E7", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14696A74-D805-49B0-BE42-4573E7EF64E2", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "86AE1A09-5931-44C8-9484-0ABEE9E5B8D8", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "6D078605-01D6-4BF4-8485-60322266E343", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "D52F4979-E8D4-4718-BBBB-0576294C587D", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "B0C01653-8CB3-491F-9223-C24B33A9A4EF", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2C8858-2FB2-434F-8952-A82F1D2EDA30", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "49638631-FA8D-4B44-B243-58CCE54B4B6E", versionEndExcluding: "7.5.0.14", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "B341B1B5-D8F0-4B21-A2A8-3CBF08878769", versionEndExcluding: "7.7.1.9", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "04D55F4A-3019-4D65-9C22-FE4F029A70E0", versionEndExcluding: "7.8.1.6", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "ECF80390-D08F-4060-A267-5229F6CA1700", versionEndExcluding: "8.1.1.2", versionStartIncluding: "8.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "E1D5EBAF-D22C-4340-B0FC-710797C23F95", versionEndExcluding: "8.1.2.1", versionStartIncluding: "8.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.", }, { lang: "es", value: "Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) podrían permitir que un usuario autenticado obtenga la clave privada que podría posibilitar la interceptación de comunicaciones en la interfaz gráfica de usuario. IBM X-Force ID: 140396.", }, ], id: "CVE-2018-1465", lastModified: "2024-11-21T03:59:52.673", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-17T21:29:00.650", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140396", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140396", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
CVE-2017-5638 (GCVE-0-2017-5638)
Vulnerability from cvelistv5
Published
2017-03-11 02:11
Modified
2025-02-06 21:14
Severity ?
EPSS score ?
Summary
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Struts |
Version: 2.3.x before 2.3.32 Version: 2.5.x before 2.5.10.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:04:15.370Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/", }, { name: "41570", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://exploit-db.com/exploits/41570", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20170310-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/rapid7/metasploit-framework/issues/8064", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://struts.apache.org/docs/s2-046.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us", }, { name: "VU#834067", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/834067", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://isc.sans.edu/diary/22169", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://struts.apache.org/docs/s2-045.html", }, { name: "1037973", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037973", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html", }, { name: "96729", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96729", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://twitter.com/theog150/status/841146956135124993", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/mazen160/struts-pwn", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.symantec.com/security-center/network-protection-security-advisories/SA145", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.lenovo.com/us/en/product_security/len-14200", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cwiki.apache.org/confluence/display/WW/S2-045", }, { name: "41614", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/41614/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cwiki.apache.org/confluence/display/WW/S2-046", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/", }, { name: "[announce] 20200131 Apache Software Foundation Security Report: 2019", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", }, { name: "[announce] 20210125 Apache Software Foundation Security Report: 2020", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E", }, { name: "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2017-5638", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-06T21:06:33.860690Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-5638", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-755", description: "CWE-755 Improper Handling of Exceptional Conditions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-06T21:14:30.267Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Apache Struts", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "2.3.x before 2.3.32", }, { status: "affected", version: "2.5.x before 2.5.10.1", }, ], }, ], datePublic: "2017-03-06T00:00:00.000Z", descriptions: [ { lang: "en", value: "The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-24T03:06:34.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt", }, { tags: [ "x_refsource_MISC", ], url: "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/", }, { name: "41570", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://exploit-db.com/exploits/41570", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20170310-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/rapid7/metasploit-framework/issues/8064", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://struts.apache.org/docs/s2-046.html", }, { tags: [ "x_refsource_MISC", ], url: "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us", }, { name: "VU#834067", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/834067", }, { tags: [ "x_refsource_MISC", ], url: "https://isc.sans.edu/diary/22169", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://struts.apache.org/docs/s2-045.html", }, { name: "1037973", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037973", }, { tags: [ "x_refsource_MISC", ], url: "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html", }, { name: "96729", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96729", }, { tags: [ "x_refsource_MISC", ], url: "https://twitter.com/theog150/status/841146956135124993", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/mazen160/struts-pwn", }, { tags: [ "x_refsource_MISC", ], url: "https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.symantec.com/security-center/network-protection-security-advisories/SA145", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.lenovo.com/us/en/product_security/len-14200", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cwiki.apache.org/confluence/display/WW/S2-045", }, { name: "41614", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/41614/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cwiki.apache.org/confluence/display/WW/S2-046", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us", }, { tags: [ "x_refsource_MISC", ], url: "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/", }, { name: "[announce] 20200131 Apache Software Foundation Security Report: 2019", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", }, { name: "[announce] 20210125 Apache Software Foundation Security Report: 2020", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E", }, { name: "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2017-5638", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Struts", version: { version_data: [ { version_value: "2.3.x before 2.3.32", }, { version_value: "2.5.x before 2.5.10.1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html", refsource: "MISC", url: "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html", }, { name: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt", refsource: "CONFIRM", url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt", }, { name: "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/", refsource: "MISC", url: "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/", }, { name: "41570", refsource: "EXPLOIT-DB", url: "https://exploit-db.com/exploits/41570", }, { name: "https://security.netapp.com/advisory/ntap-20170310-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20170310-0001/", }, { name: "https://github.com/rapid7/metasploit-framework/issues/8064", refsource: "MISC", url: "https://github.com/rapid7/metasploit-framework/issues/8064", }, { name: "https://struts.apache.org/docs/s2-046.html", refsource: "CONFIRM", url: "https://struts.apache.org/docs/s2-046.html", }, { name: "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html", refsource: "MISC", url: "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html", }, { name: "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/", refsource: "MISC", url: "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/", }, { name: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us", }, { name: "VU#834067", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/834067", }, { name: "https://isc.sans.edu/diary/22169", refsource: "MISC", url: "https://isc.sans.edu/diary/22169", }, { name: "https://struts.apache.org/docs/s2-045.html", refsource: "CONFIRM", url: "https://struts.apache.org/docs/s2-045.html", }, { name: "1037973", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037973", }, { name: "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html", refsource: "MISC", url: "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html", }, { name: "96729", refsource: "BID", url: "http://www.securityfocus.com/bid/96729", }, { name: "https://twitter.com/theog150/status/841146956135124993", refsource: "MISC", url: "https://twitter.com/theog150/status/841146956135124993", }, { name: "https://github.com/mazen160/struts-pwn", refsource: "MISC", url: "https://github.com/mazen160/struts-pwn", }, { name: "https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt", refsource: "MISC", url: "https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt", }, { name: "https://www.symantec.com/security-center/network-protection-security-advisories/SA145", refsource: "CONFIRM", url: "https://www.symantec.com/security-center/network-protection-security-advisories/SA145", }, { name: "https://support.lenovo.com/us/en/product_security/len-14200", refsource: "CONFIRM", url: "https://support.lenovo.com/us/en/product_security/len-14200", }, { name: "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a", refsource: "CONFIRM", url: "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a", }, { name: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us", }, { name: "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228", refsource: "CONFIRM", url: "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228", }, { name: "https://cwiki.apache.org/confluence/display/WW/S2-045", refsource: "CONFIRM", url: "https://cwiki.apache.org/confluence/display/WW/S2-045", }, { name: "41614", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/41614/", }, { name: "https://cwiki.apache.org/confluence/display/WW/S2-046", refsource: "CONFIRM", url: "https://cwiki.apache.org/confluence/display/WW/S2-046", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us", }, { name: "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/", refsource: "MISC", url: "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/", }, { name: "[announce] 20200131 Apache Software Foundation Security Report: 2019", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E", }, { name: "[announce] 20210125 Apache Software Foundation Security Report: 2020", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E", }, { name: "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2017-5638", datePublished: "2017-03-11T02:11:00.000Z", dateReserved: "2017-01-29T00:00:00.000Z", dateUpdated: "2025-02-06T21:14:30.267Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-7169 (GCVE-0-2014-7169)
Vulnerability from cvelistv5
Published
2014-09-25 01:00
Modified
2025-02-10 19:31
Severity ?
EPSS score ?
Summary
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T12:40:19.217Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { name: "[oss-security] 20140924 Re: CVE-2014-6271: remote code execution through bash", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2014/09/24/32", }, { name: "HPSBMU03165", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { name: "HPSBHF03119", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { name: "HPSBST03131", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { name: "SSRT101819", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { name: "HPSBMU03245", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "openSUSE-SU-2014:1229", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { name: "61188", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61188", }, { name: "JVN#55667175", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { name: "61676", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61676", }, { name: "openSUSE-SU-2014:1254", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { name: "60433", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60433", }, { name: "HPSBMU03143", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { name: "HPSBMU03182", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { name: "RHSA-2014:1306", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1306.html", }, { name: "HPSBST03155", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { name: "61715", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61715", }, { name: "USN-2363-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2363-2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { name: "61816", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61816", }, { name: "openSUSE-SU-2014:1310", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { name: "61442", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61442", }, { name: "HPSBMU03246", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { name: "HPSBST03195", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { name: "61283", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61283", }, { name: "SSRT101711", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { name: "openSUSE-SU-2014:1308", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { name: "61654", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61654", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { name: "62312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62312", }, { name: "59272", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59272", }, { name: "HPSBST03122", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { name: "HPSBMU03217", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "RHSA-2014:1312", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1312.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { name: "USN-2363-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2363-1", }, { name: "SSRT101868", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61703", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61703", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT6495", }, { name: "VU#252743", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/252743", }, { name: "61065", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61065", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://linux.oracle.com/errata/ELSA-2014-3075.html", }, { name: "HPSBST03129", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { name: "HPSBMU03144", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.novell.com/security/cve/CVE-2014-7169.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { name: "JVNDB-2014-000126", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { name: "SSRT101827", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "TA14-268A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { name: "61641", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61641", }, { name: "SUSE-SU-2014:1247", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://access.redhat.com/node/1200223", }, { name: "SUSE-SU-2014:1287", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { name: "APPLE-SA-2014-10-16-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { name: "20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { name: "MDVSA-2015:164", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { name: "61619", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61619", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://linux.oracle.com/errata/ELSA-2014-3078.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { name: "HPSBMU03220", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "60325", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60325", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { name: "60024", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60024", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { name: "34879", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/34879/", }, { name: "61622", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61622", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://access.redhat.com/articles/1200223", }, { name: "62343", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62343", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://advisories.mageia.org/MGASA-2014-0393.html", }, { name: "61565", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61565", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.suse.com/support/shellshock/", }, { name: "HPSBST03157", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { name: "61313", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61313", }, { name: "SSRT101742", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "61873", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61873", }, { name: "61485", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61485", }, { name: "openSUSE-SU-2014:1242", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html", }, { name: "61618", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61618", }, { name: "60947", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60947", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT6535", }, { name: "HPSBST03154", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { name: "HPSBGN03142", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { name: "61312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61312", }, { name: "60193", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60193", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { name: "61479", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61479", }, { name: "60063", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60063", }, { name: "60034", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60034", }, { name: "HPSBMU03133", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { name: "59907", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59907", }, { name: "58200", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/58200", }, { name: "HPSBST03181", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { name: "61643", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61643", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://twitter.com/taviso/statuses/514887394294652929", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { name: "61503", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61503", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { name: "RHSA-2014:1354", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { name: "HPSBGN03117", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { name: "HPSBHF03145", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { name: "HPSBST03148", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { name: "61552", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61552", }, { name: "61780", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61780", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX200223", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://linux.oracle.com/errata/ELSA-2014-3077.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { name: "62228", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62228", }, { name: "HPSBGN03138", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { name: "61855", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61855", }, { name: "HPSBHF03124", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { name: "60044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60044", }, { name: "61291", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61291", }, { name: "HPSBHF03125", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { name: "59737", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59737", }, { name: "61287", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61287", }, { name: "HPSBHF03146", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { name: "HPSBGN03233", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "SSRT101739", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61711", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61711", }, { name: "HPSBOV03228", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { name: "HPSBGN03141", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { name: "RHSA-2014:1311", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1311.html", }, { name: "61128", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61128", }, { name: "DSA-3035", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2014/dsa-3035", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX200217", }, { name: "61471", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61471", }, { name: "60055", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60055", }, { name: "20140926 GNU Bash Environmental Variable Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { name: "61550", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61550", }, { name: "61633", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61633", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://linux.oracle.com/errata/ELSA-2014-1306.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { name: "SUSE-SU-2014:1259", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html", }, { name: "61328", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61328", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { name: "61129", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61129", }, { name: "61700", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61700", }, { name: "61626", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61626", }, { name: "61603", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61603", }, { name: "61857", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61857", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2014-7169", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-10T19:31:47.209255Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-01-28", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-7169", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-10T19:31:56.166Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-09-24T00:00:00.000Z", descriptions: [ { lang: "en", value: "GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-05T16:41:42.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { name: "[oss-security] 20140924 Re: CVE-2014-6271: remote code execution through bash", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2014/09/24/32", }, { name: "HPSBMU03165", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { name: "HPSBHF03119", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { name: "HPSBST03131", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { name: "SSRT101819", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { name: "HPSBMU03245", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "openSUSE-SU-2014:1229", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { name: "61188", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61188", }, { name: "JVN#55667175", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { name: "61676", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61676", }, { name: "openSUSE-SU-2014:1254", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { name: "60433", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60433", }, { name: "HPSBMU03143", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { name: "HPSBMU03182", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { name: "RHSA-2014:1306", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1306.html", }, { name: "HPSBST03155", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { name: "61715", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61715", }, { name: "USN-2363-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2363-2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { name: "61816", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61816", }, { name: "openSUSE-SU-2014:1310", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { name: "61442", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61442", }, { name: "HPSBMU03246", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { name: "HPSBST03195", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { name: "61283", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61283", }, { name: "SSRT101711", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { name: "openSUSE-SU-2014:1308", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { name: "61654", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61654", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { name: "62312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62312", }, { name: "59272", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59272", }, { name: "HPSBST03122", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { name: "HPSBMU03217", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "RHSA-2014:1312", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1312.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { name: "USN-2363-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2363-1", }, { name: "SSRT101868", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61703", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61703", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT6495", }, { name: "VU#252743", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/252743", }, { name: "61065", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61065", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://linux.oracle.com/errata/ELSA-2014-3075.html", }, { name: "HPSBST03129", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { name: "HPSBMU03144", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.novell.com/security/cve/CVE-2014-7169.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { name: "JVNDB-2014-000126", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { name: "SSRT101827", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "TA14-268A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { name: "61641", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61641", }, { name: "SUSE-SU-2014:1247", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://access.redhat.com/node/1200223", }, { name: "SUSE-SU-2014:1287", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { name: "APPLE-SA-2014-10-16-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { name: "20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { name: "MDVSA-2015:164", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { name: "61619", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61619", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://linux.oracle.com/errata/ELSA-2014-3078.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { name: "HPSBMU03220", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "60325", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60325", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { name: "60024", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60024", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { name: "34879", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/34879/", }, { name: "61622", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61622", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://access.redhat.com/articles/1200223", }, { name: "62343", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62343", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://advisories.mageia.org/MGASA-2014-0393.html", }, { name: "61565", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61565", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.suse.com/support/shellshock/", }, { name: "HPSBST03157", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { name: "61313", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61313", }, { name: "SSRT101742", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "61873", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61873", }, { name: "61485", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61485", }, { name: "openSUSE-SU-2014:1242", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html", }, { name: "61618", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61618", }, { name: "60947", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60947", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT6535", }, { name: "HPSBST03154", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { name: "HPSBGN03142", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { name: "61312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61312", }, { name: "60193", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60193", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { name: "61479", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61479", }, { name: "60063", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60063", }, { name: "60034", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60034", }, { name: "HPSBMU03133", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { tags: [ "x_refsource_MISC", ], url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { name: "59907", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59907", }, { name: "58200", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/58200", }, { name: "HPSBST03181", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { name: "61643", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61643", }, { tags: [ "x_refsource_MISC", ], url: "http://twitter.com/taviso/statuses/514887394294652929", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { name: "61503", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61503", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { name: "RHSA-2014:1354", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { name: "HPSBGN03117", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { name: "HPSBHF03145", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { name: "HPSBST03148", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { name: "61552", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61552", }, { name: "61780", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61780", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX200223", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://linux.oracle.com/errata/ELSA-2014-3077.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { name: "62228", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62228", }, { name: "HPSBGN03138", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { name: "61855", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61855", }, { name: "HPSBHF03124", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { name: "60044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60044", }, { name: "61291", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61291", }, { name: "HPSBHF03125", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { name: "59737", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59737", }, { name: "61287", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61287", }, { name: "HPSBHF03146", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { name: "HPSBGN03233", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "SSRT101739", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61711", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61711", }, { name: "HPSBOV03228", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { name: "HPSBGN03141", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { name: "RHSA-2014:1311", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1311.html", }, { name: "61128", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61128", }, { name: "DSA-3035", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2014/dsa-3035", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX200217", }, { name: "61471", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61471", }, { name: "60055", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60055", }, { name: "20140926 GNU Bash Environmental Variable Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { name: "61550", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61550", }, { name: "61633", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61633", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://linux.oracle.com/errata/ELSA-2014-1306.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { name: "SUSE-SU-2014:1259", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html", }, { name: "61328", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61328", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { name: "61129", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61129", }, { name: "61700", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61700", }, { name: "61626", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61626", }, { name: "61603", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61603", }, { name: "61857", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61857", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { tags: [ "x_refsource_MISC", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-7169", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { name: "[oss-security] 20140924 Re: CVE-2014-6271: remote code execution through bash", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2014/09/24/32", }, { name: "HPSBMU03165", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { name: "HPSBHF03119", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { name: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", refsource: "CONFIRM", url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { name: "HPSBST03131", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { name: "SSRT101819", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { name: "HPSBMU03245", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "openSUSE-SU-2014:1229", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { name: "61188", refsource: "SECUNIA", url: "http://secunia.com/advisories/61188", }, { name: "JVN#55667175", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { name: "61676", refsource: "SECUNIA", url: "http://secunia.com/advisories/61676", }, { name: "openSUSE-SU-2014:1254", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { name: "60433", refsource: "SECUNIA", url: "http://secunia.com/advisories/60433", }, { name: "HPSBMU03143", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { name: "HPSBMU03182", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { name: "RHSA-2014:1306", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1306.html", }, { name: "HPSBST03155", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { name: "61715", refsource: "SECUNIA", url: "http://secunia.com/advisories/61715", }, { name: "USN-2363-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2363-2", }, { name: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { name: "61816", refsource: "SECUNIA", url: "http://secunia.com/advisories/61816", }, { name: "openSUSE-SU-2014:1310", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { name: "61442", refsource: "SECUNIA", url: "http://secunia.com/advisories/61442", }, { name: "HPSBMU03246", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { name: "HPSBST03195", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { name: "61283", refsource: "SECUNIA", url: "http://secunia.com/advisories/61283", }, { name: "SSRT101711", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { name: "openSUSE-SU-2014:1308", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { name: "61654", refsource: "SECUNIA", url: "http://secunia.com/advisories/61654", }, { name: "http://www.novell.com/support/kb/doc.php?id=7015701", refsource: "CONFIRM", url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { name: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", refsource: "CONFIRM", url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { name: "62312", refsource: "SECUNIA", url: "http://secunia.com/advisories/62312", }, { name: "59272", refsource: "SECUNIA", url: "http://secunia.com/advisories/59272", }, { name: "HPSBST03122", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { name: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", refsource: "CONFIRM", url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { name: "HPSBMU03217", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "RHSA-2014:1312", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1312.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { name: "USN-2363-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2363-1", }, { name: "SSRT101868", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61703", refsource: "SECUNIA", url: "http://secunia.com/advisories/61703", }, { name: "http://support.apple.com/kb/HT6495", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT6495", }, { name: "VU#252743", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/252743", }, { name: "61065", refsource: "SECUNIA", url: "http://secunia.com/advisories/61065", }, { name: "http://linux.oracle.com/errata/ELSA-2014-3075.html", refsource: "CONFIRM", url: "http://linux.oracle.com/errata/ELSA-2014-3075.html", }, { name: "HPSBST03129", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { name: "HPSBMU03144", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { name: "http://support.novell.com/security/cve/CVE-2014-7169.html", refsource: "CONFIRM", url: "http://support.novell.com/security/cve/CVE-2014-7169.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { name: "JVNDB-2014-000126", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { name: "SSRT101827", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "TA14-268A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { name: "61641", refsource: "SECUNIA", url: "http://secunia.com/advisories/61641", }, { name: "SUSE-SU-2014:1247", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html", }, { name: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", refsource: "CONFIRM", url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { name: "https://access.redhat.com/node/1200223", refsource: "CONFIRM", url: "https://access.redhat.com/node/1200223", }, { name: "SUSE-SU-2014:1287", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { name: "APPLE-SA-2014-10-16-1", refsource: "APPLE", url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { name: "20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { name: "MDVSA-2015:164", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { name: "61619", refsource: "SECUNIA", url: "http://secunia.com/advisories/61619", }, { name: "http://linux.oracle.com/errata/ELSA-2014-3078.html", refsource: "CONFIRM", url: "http://linux.oracle.com/errata/ELSA-2014-3078.html", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { name: "HPSBMU03220", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "60325", refsource: "SECUNIA", url: "http://secunia.com/advisories/60325", }, { name: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", refsource: "CONFIRM", url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { name: "60024", refsource: "SECUNIA", url: "http://secunia.com/advisories/60024", }, { name: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { name: "34879", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/34879/", }, { name: "61622", refsource: "SECUNIA", url: "http://secunia.com/advisories/61622", }, { name: "https://access.redhat.com/articles/1200223", refsource: "CONFIRM", url: "https://access.redhat.com/articles/1200223", }, { name: "62343", refsource: "SECUNIA", url: "http://secunia.com/advisories/62343", }, { name: "http://advisories.mageia.org/MGASA-2014-0393.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2014-0393.html", }, { name: "61565", refsource: "SECUNIA", url: "http://secunia.com/advisories/61565", }, { name: "https://www.suse.com/support/shellshock/", refsource: "CONFIRM", url: "https://www.suse.com/support/shellshock/", }, { name: "HPSBST03157", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { name: "61313", refsource: "SECUNIA", url: "http://secunia.com/advisories/61313", }, { name: "SSRT101742", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "61873", refsource: "SECUNIA", url: "http://secunia.com/advisories/61873", }, { name: "61485", refsource: "SECUNIA", url: "http://secunia.com/advisories/61485", }, { name: "openSUSE-SU-2014:1242", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html", }, { name: "61618", refsource: "SECUNIA", url: "http://secunia.com/advisories/61618", }, { name: "60947", refsource: "SECUNIA", url: "http://secunia.com/advisories/60947", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { name: "https://support.apple.com/kb/HT6535", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT6535", }, { name: "HPSBST03154", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { name: "HPSBGN03142", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { name: "61312", refsource: "SECUNIA", url: "http://secunia.com/advisories/61312", }, { name: "60193", refsource: "SECUNIA", url: "http://secunia.com/advisories/60193", }, { name: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { name: "61479", refsource: "SECUNIA", url: "http://secunia.com/advisories/61479", }, { name: "60063", refsource: "SECUNIA", url: "http://secunia.com/advisories/60063", }, { name: "60034", refsource: "SECUNIA", url: "http://secunia.com/advisories/60034", }, { name: "HPSBMU03133", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { name: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", refsource: "MISC", url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { name: "59907", refsource: "SECUNIA", url: "http://secunia.com/advisories/59907", }, { name: "58200", refsource: "SECUNIA", url: "http://secunia.com/advisories/58200", }, { name: "HPSBST03181", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { name: "61643", refsource: "SECUNIA", url: "http://secunia.com/advisories/61643", }, { name: "http://twitter.com/taviso/statuses/514887394294652929", refsource: "MISC", url: "http://twitter.com/taviso/statuses/514887394294652929", }, { name: "http://www.novell.com/support/kb/doc.php?id=7015721", refsource: "CONFIRM", url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { name: "61503", refsource: "SECUNIA", url: "http://secunia.com/advisories/61503", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { name: "RHSA-2014:1354", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { name: "HPSBGN03117", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { name: "HPSBHF03145", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { name: "http://www.qnap.com/i/en/support/con_show.php?cid=61", refsource: "CONFIRM", url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { name: "HPSBST03148", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { name: "61552", refsource: "SECUNIA", url: "http://secunia.com/advisories/61552", }, { name: "61780", refsource: "SECUNIA", url: "http://secunia.com/advisories/61780", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { name: "https://support.citrix.com/article/CTX200223", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX200223", }, { name: "http://linux.oracle.com/errata/ELSA-2014-3077.html", refsource: "CONFIRM", url: "http://linux.oracle.com/errata/ELSA-2014-3077.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { name: "62228", refsource: "SECUNIA", url: "http://secunia.com/advisories/62228", }, { name: "HPSBGN03138", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { name: "61855", refsource: "SECUNIA", url: "http://secunia.com/advisories/61855", }, { name: "HPSBHF03124", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { name: "60044", refsource: "SECUNIA", url: "http://secunia.com/advisories/60044", }, { name: "61291", refsource: "SECUNIA", url: "http://secunia.com/advisories/61291", }, { name: "HPSBHF03125", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { name: "59737", refsource: "SECUNIA", url: "http://secunia.com/advisories/59737", }, { name: "61287", refsource: "SECUNIA", url: "http://secunia.com/advisories/61287", }, { name: "HPSBHF03146", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { name: "HPSBGN03233", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "SSRT101739", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61711", refsource: "SECUNIA", url: "http://secunia.com/advisories/61711", }, { name: "HPSBOV03228", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { name: "HPSBGN03141", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { name: "RHSA-2014:1311", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1311.html", }, { name: "61128", refsource: "SECUNIA", url: "http://secunia.com/advisories/61128", }, { name: "DSA-3035", refsource: "DEBIAN", url: "http://www.debian.org/security/2014/dsa-3035", }, { name: "https://support.citrix.com/article/CTX200217", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX200217", }, { name: "61471", refsource: "SECUNIA", url: "http://secunia.com/advisories/61471", }, { name: "60055", refsource: "SECUNIA", url: "http://secunia.com/advisories/60055", }, { name: "20140926 GNU Bash Environmental Variable Command Injection Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { name: "61550", refsource: "SECUNIA", url: "http://secunia.com/advisories/61550", }, { name: "61633", refsource: "SECUNIA", url: "http://secunia.com/advisories/61633", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { name: "http://linux.oracle.com/errata/ELSA-2014-1306.html", refsource: "CONFIRM", url: "http://linux.oracle.com/errata/ELSA-2014-1306.html", }, { name: "https://kb.bluecoat.com/index?page=content&id=SA82", refsource: "CONFIRM", url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { name: "SUSE-SU-2014:1259", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html", }, { name: "61328", refsource: "SECUNIA", url: "http://secunia.com/advisories/61328", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { name: "61129", refsource: "SECUNIA", url: "http://secunia.com/advisories/61129", }, { name: "61700", refsource: "SECUNIA", url: "http://secunia.com/advisories/61700", }, { name: "61626", refsource: "SECUNIA", url: "http://secunia.com/advisories/61626", }, { name: "61603", refsource: "SECUNIA", url: "http://secunia.com/advisories/61603", }, { name: "61857", refsource: "SECUNIA", url: "http://secunia.com/advisories/61857", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { name: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", refsource: "MISC", url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-7169", datePublished: "2014-09-25T01:00:00.000Z", dateReserved: "2014-09-24T00:00:00.000Z", dateUpdated: "2025-02-10T19:31:56.166Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1461 (GCVE-0-2018-1461)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 20:27
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140362 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Spectrum Virtualize Software |
Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.1 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.050Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181461-xss(140362)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140362", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181461-xss(140362)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140362", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1461", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181461-xss(140362)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140362", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1461", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T20:27:43.382Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1434 (GCVE-0-2018-1434)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-17 02:11
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/139474 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | FlashSystem V9000 |
Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.1 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.064Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "ibm-storwize-cve20181434-csrf(139474)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.", }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "ibm-storwize-cve20181434-csrf(139474)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1434", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "ibm-storwize-cve20181434-csrf(139474)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139474", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1434", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T02:11:40.577Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1466 (GCVE-0-2018-1466)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 17:03
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140397 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | SAN Volume Controller |
Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.1 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.128Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181466-info-disc(140397)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140397", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181466-info-disc(140397)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140397", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1466", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181466-info-disc(140397)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140397", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1466", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T17:03:03.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-6271 (GCVE-0-2014-6271)
Vulnerability from cvelistv5
Published
2014-09-24 18:00
Modified
2025-02-07 13:47
Severity ?
EPSS score ?
Summary
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T12:10:13.276Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "37816", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/37816/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { name: "SUSE-SU-2014:1223", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { name: "HPSBMU03165", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { name: "SSRT101816", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { name: "39918", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/39918/", }, { name: "HPSBHF03119", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { name: "RHSA-2014:1295", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1295.html", }, { name: "openSUSE-SU-2014:1226", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { name: "HPSBST03131", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { name: "SSRT101819", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { name: "HPSBMU03245", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { name: "HPSBST03196", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { name: "61188", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61188", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", }, { name: "JVN#55667175", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { name: "61676", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61676", }, { name: "40619", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/40619/", }, { name: "openSUSE-SU-2014:1254", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { name: "60433", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60433", }, { name: "38849", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/38849/", }, { name: "HPSBMU03143", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { name: "HPSBMU03182", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673", }, { name: "SUSE-SU-2014:1260", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html", }, { name: "HPSBST03155", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { name: "61715", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61715", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { name: "61816", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61816", }, { name: "openSUSE-SU-2014:1310", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { name: "61442", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61442", }, { name: "HPSBMU03246", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { name: "HPSBST03195", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { name: "61283", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61283", }, { name: "SSRT101711", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { name: "USN-2362-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2362-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { name: "openSUSE-SU-2014:1308", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { name: "61654", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61654", }, { name: "61542", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61542", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { name: "62312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62312", }, { name: "59272", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59272", }, { name: "HPSBST03122", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { name: "HPSBMU03217", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { name: "SSRT101868", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61703", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61703", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT6495", }, { name: "VU#252743", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/252743", }, { name: "61065", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61065", }, { name: "SUSE-SU-2014:1213", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html", }, { name: "HPSBST03129", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { name: "HPSBMU03144", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { name: "70103", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/70103", }, { name: "JVNDB-2014-000126", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { name: "SSRT101827", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "TA14-268A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { name: "SUSE-SU-2014:1212", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html", }, { name: "61641", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61641", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://access.redhat.com/node/1200223", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html", }, { name: "SUSE-SU-2014:1287", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { name: "APPLE-SA-2014-10-16-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { name: "20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { name: "MDVSA-2015:164", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { name: "RHSA-2014:1293", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1293.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { name: "openSUSE-SU-2014:1238", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html", }, { name: "HPSBMU03220", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "60325", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60325", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { name: "60024", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60024", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { name: "34879", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/34879/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://access.redhat.com/articles/1200223", }, { name: "62343", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62343", }, { name: "61565", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61565", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.suse.com/support/shellshock/", }, { name: "HPSBST03157", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { name: "61313", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61313", }, { name: "SSRT101742", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "61873", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61873", }, { name: "61485", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61485", }, { name: "60947", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60947", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT6535", }, { name: "HPSBST03154", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { name: "HPSBST03265", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142546741516006&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { name: "HPSBGN03142", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { name: "61312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61312", }, { name: "60193", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60193", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://linux.oracle.com/errata/ELSA-2014-1294.html", }, { name: "60063", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60063", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html", }, { name: "60034", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60034", }, { name: "HPSBMU03133", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { name: "59907", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59907", }, { name: "58200", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/58200", }, { name: "HPSBST03181", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { name: "61643", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61643", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { name: "61503", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61503", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { name: "RHSA-2014:1354", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { name: "40938", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/40938/", }, { name: "HPSBGN03117", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.novell.com/security/cve/CVE-2014-6271.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { name: "61547", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61547", }, { name: "HPSBHF03145", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { name: "HPSBST03148", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { name: "61552", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61552", }, { name: "61780", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61780", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX200223", }, { name: "DSA-3032", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2014/dsa-3032", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { name: "62228", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62228", }, { name: "HPSBGN03138", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { name: "61855", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61855", }, { name: "HPSBHF03124", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { name: "60044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60044", }, { name: "61291", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61291", }, { name: "RHSA-2014:1294", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1294.html", }, { name: "HPSBHF03125", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { name: "59737", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59737", }, { name: "61287", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61287", }, { name: "HPSBHF03146", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { name: "HPSBGN03233", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1141597", }, { name: "SSRT101739", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61711", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61711", }, { name: "HPSBOV03228", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { name: "HPSBGN03141", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://advisories.mageia.org/MGASA-2014-0388.html", }, { name: "61128", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61128", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX200217", }, { name: "61471", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61471", }, { name: "60055", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60055", }, { name: "20140926 GNU Bash Environmental Variable Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { name: "61550", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61550", }, { name: "61633", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61633", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://linux.oracle.com/errata/ELSA-2014-1293.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { name: "61328", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61328", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { name: "42938", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/42938/", }, { name: "61129", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61129", }, { name: "61700", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61700", }, { name: "61603", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61603", }, { name: "61857", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61857", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2014-6271", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-07T13:45:49.549420Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-01-28", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-6271", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-07T13:47:31.669Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-09-24T00:00:00.000Z", descriptions: [ { lang: "en", value: "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka \"ShellShock.\" NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-05T16:37:05.000Z", orgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", shortName: "debian", }, references: [ { name: "37816", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/37816/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { name: "SUSE-SU-2014:1223", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { name: "HPSBMU03165", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { name: "SSRT101816", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { name: "39918", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/39918/", }, { name: "HPSBHF03119", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { name: "RHSA-2014:1295", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1295.html", }, { name: "openSUSE-SU-2014:1226", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { name: "HPSBST03131", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { name: "SSRT101819", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { name: "HPSBMU03245", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { name: "HPSBST03196", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { name: "61188", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61188", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", }, { name: "JVN#55667175", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { name: "61676", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61676", }, { name: "40619", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/40619/", }, { name: "openSUSE-SU-2014:1254", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { name: "60433", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60433", }, { name: "38849", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/38849/", }, { name: "HPSBMU03143", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { name: "HPSBMU03182", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673", }, { name: "SUSE-SU-2014:1260", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html", }, { name: "HPSBST03155", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { name: "61715", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61715", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { name: "61816", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61816", }, { name: "openSUSE-SU-2014:1310", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { name: "61442", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61442", }, { name: "HPSBMU03246", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { name: "HPSBST03195", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { name: "61283", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61283", }, { name: "SSRT101711", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { name: "USN-2362-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2362-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { name: "openSUSE-SU-2014:1308", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { name: "61654", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61654", }, { name: "61542", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61542", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { name: "62312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62312", }, { name: "59272", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59272", }, { name: "HPSBST03122", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { name: "HPSBMU03217", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { name: "SSRT101868", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61703", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61703", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT6495", }, { name: "VU#252743", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/252743", }, { name: "61065", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61065", }, { name: "SUSE-SU-2014:1213", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html", }, { name: "HPSBST03129", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { name: "HPSBMU03144", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { name: "70103", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/70103", }, { name: "JVNDB-2014-000126", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { name: "SSRT101827", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "TA14-268A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { name: "SUSE-SU-2014:1212", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html", }, { name: "61641", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61641", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://access.redhat.com/node/1200223", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html", }, { name: "SUSE-SU-2014:1287", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { name: "APPLE-SA-2014-10-16-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { name: "20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { name: "MDVSA-2015:164", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { name: "RHSA-2014:1293", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1293.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { name: "openSUSE-SU-2014:1238", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html", }, { name: "HPSBMU03220", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "60325", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60325", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { name: "60024", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60024", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { name: "34879", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/34879/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://access.redhat.com/articles/1200223", }, { name: "62343", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62343", }, { name: "61565", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61565", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.suse.com/support/shellshock/", }, { name: "HPSBST03157", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { name: "61313", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61313", }, { name: "SSRT101742", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "61873", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61873", }, { name: "61485", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61485", }, { name: "60947", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60947", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT6535", }, { name: "HPSBST03154", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { name: "HPSBST03265", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142546741516006&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { name: "HPSBGN03142", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { name: "61312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61312", }, { name: "60193", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60193", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://linux.oracle.com/errata/ELSA-2014-1294.html", }, { name: "60063", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60063", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html", }, { name: "60034", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60034", }, { name: "HPSBMU03133", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { tags: [ "x_refsource_MISC", ], url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { name: "59907", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59907", }, { name: "58200", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/58200", }, { name: "HPSBST03181", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { name: "61643", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61643", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { name: "61503", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61503", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { name: "RHSA-2014:1354", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { name: "40938", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/40938/", }, { name: "HPSBGN03117", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.novell.com/security/cve/CVE-2014-6271.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { name: "61547", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61547", }, { name: "HPSBHF03145", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { name: "HPSBST03148", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { name: "61552", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61552", }, { name: "61780", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61780", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX200223", }, { name: "DSA-3032", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2014/dsa-3032", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { name: "62228", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62228", }, { name: "HPSBGN03138", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { name: "61855", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61855", }, { name: "HPSBHF03124", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { name: "60044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60044", }, { name: "61291", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61291", }, { name: "RHSA-2014:1294", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1294.html", }, { name: "HPSBHF03125", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { name: "59737", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59737", }, { name: "61287", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61287", }, { name: "HPSBHF03146", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { name: "HPSBGN03233", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1141597", }, { name: "SSRT101739", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61711", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61711", }, { name: "HPSBOV03228", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { name: "HPSBGN03141", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://advisories.mageia.org/MGASA-2014-0388.html", }, { name: "61128", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61128", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX200217", }, { name: "61471", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61471", }, { name: "60055", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60055", }, { name: "20140926 GNU Bash Environmental Variable Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { name: "61550", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61550", }, { name: "61633", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61633", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://linux.oracle.com/errata/ELSA-2014-1293.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { name: "61328", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61328", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { name: "42938", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/42938/", }, { name: "61129", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61129", }, { name: "61700", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61700", }, { name: "61603", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61603", }, { name: "61857", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61857", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@debian.org", ID: "CVE-2014-6271", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka \"ShellShock.\" NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "37816", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/37816/", }, { name: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { name: "SUSE-SU-2014:1223", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { name: "HPSBMU03165", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { name: "SSRT101816", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { name: "39918", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/39918/", }, { name: "HPSBHF03119", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { name: "RHSA-2014:1295", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1295.html", }, { name: "openSUSE-SU-2014:1226", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html", }, { name: "https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/", refsource: "CONFIRM", url: "https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/", }, { name: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", refsource: "CONFIRM", url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { name: "HPSBST03131", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { name: "SSRT101819", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { name: "HPSBMU03245", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { name: "HPSBST03196", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { name: "61188", refsource: "SECUNIA", url: "http://secunia.com/advisories/61188", }, { name: "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", refsource: "CONFIRM", url: "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", }, { name: "JVN#55667175", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { name: "61676", refsource: "SECUNIA", url: "http://secunia.com/advisories/61676", }, { name: "40619", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/40619/", }, { name: "openSUSE-SU-2014:1254", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { name: "60433", refsource: "SECUNIA", url: "http://secunia.com/advisories/60433", }, { name: "38849", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/38849/", }, { name: "HPSBMU03143", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { name: "HPSBMU03182", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { name: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673", refsource: "CONFIRM", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673", }, { name: "SUSE-SU-2014:1260", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html", }, { name: "HPSBST03155", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { name: "61715", refsource: "SECUNIA", url: "http://secunia.com/advisories/61715", }, { name: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { name: "61816", refsource: "SECUNIA", url: "http://secunia.com/advisories/61816", }, { name: "openSUSE-SU-2014:1310", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { name: "61442", refsource: "SECUNIA", url: "http://secunia.com/advisories/61442", }, { name: "HPSBMU03246", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { name: "HPSBST03195", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { name: "61283", refsource: "SECUNIA", url: "http://secunia.com/advisories/61283", }, { name: "SSRT101711", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { name: "USN-2362-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2362-1", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { name: "openSUSE-SU-2014:1308", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { name: "61654", refsource: "SECUNIA", url: "http://secunia.com/advisories/61654", }, { name: "61542", refsource: "SECUNIA", url: "http://secunia.com/advisories/61542", }, { name: "http://www.novell.com/support/kb/doc.php?id=7015701", refsource: "CONFIRM", url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { name: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", refsource: "CONFIRM", url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { name: "62312", refsource: "SECUNIA", url: "http://secunia.com/advisories/62312", }, { name: "59272", refsource: "SECUNIA", url: "http://secunia.com/advisories/59272", }, { name: "HPSBST03122", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { name: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", refsource: "CONFIRM", url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { name: "HPSBMU03217", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { name: "SSRT101868", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61703", refsource: "SECUNIA", url: "http://secunia.com/advisories/61703", }, { name: "http://support.apple.com/kb/HT6495", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT6495", }, { name: "VU#252743", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/252743", }, { name: "61065", refsource: "SECUNIA", url: "http://secunia.com/advisories/61065", }, { name: "SUSE-SU-2014:1213", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html", }, { name: "HPSBST03129", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { name: "HPSBMU03144", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { name: "70103", refsource: "BID", url: "http://www.securityfocus.com/bid/70103", }, { name: "JVNDB-2014-000126", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { name: "SSRT101827", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "TA14-268A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { name: "SUSE-SU-2014:1212", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html", }, { name: "61641", refsource: "SECUNIA", url: "http://secunia.com/advisories/61641", }, { name: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", refsource: "CONFIRM", url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { name: "https://access.redhat.com/node/1200223", refsource: "CONFIRM", url: "https://access.redhat.com/node/1200223", }, { name: "http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html", }, { name: "SUSE-SU-2014:1287", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { name: "APPLE-SA-2014-10-16-1", refsource: "APPLE", url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { name: "20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { name: "MDVSA-2015:164", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { name: "RHSA-2014:1293", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1293.html", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { name: "openSUSE-SU-2014:1238", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html", }, { name: "HPSBMU03220", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "60325", refsource: "SECUNIA", url: "http://secunia.com/advisories/60325", }, { name: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", refsource: "CONFIRM", url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { name: "60024", refsource: "SECUNIA", url: "http://secunia.com/advisories/60024", }, { name: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { name: "34879", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/34879/", }, { name: "https://access.redhat.com/articles/1200223", refsource: "CONFIRM", url: "https://access.redhat.com/articles/1200223", }, { name: "62343", refsource: "SECUNIA", url: "http://secunia.com/advisories/62343", }, { name: "61565", refsource: "SECUNIA", url: "http://secunia.com/advisories/61565", }, { name: "https://www.suse.com/support/shellshock/", refsource: "CONFIRM", url: "https://www.suse.com/support/shellshock/", }, { name: "HPSBST03157", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { name: "61313", refsource: "SECUNIA", url: "http://secunia.com/advisories/61313", }, { name: "SSRT101742", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "61873", refsource: "SECUNIA", url: "http://secunia.com/advisories/61873", }, { name: "61485", refsource: "SECUNIA", url: "http://secunia.com/advisories/61485", }, { name: "60947", refsource: "SECUNIA", url: "http://secunia.com/advisories/60947", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { name: "https://support.apple.com/kb/HT6535", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT6535", }, { name: "HPSBST03154", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { name: "HPSBST03265", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142546741516006&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { name: "HPSBGN03142", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { name: "61312", refsource: "SECUNIA", url: "http://secunia.com/advisories/61312", }, { name: "60193", refsource: "SECUNIA", url: "http://secunia.com/advisories/60193", }, { name: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { name: "http://linux.oracle.com/errata/ELSA-2014-1294.html", refsource: "CONFIRM", url: "http://linux.oracle.com/errata/ELSA-2014-1294.html", }, { name: "60063", refsource: "SECUNIA", url: "http://secunia.com/advisories/60063", }, { name: "http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html", }, { name: "60034", refsource: "SECUNIA", url: "http://secunia.com/advisories/60034", }, { name: "HPSBMU03133", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { name: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", refsource: "MISC", url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { name: "59907", refsource: "SECUNIA", url: "http://secunia.com/advisories/59907", }, { name: "58200", refsource: "SECUNIA", url: "http://secunia.com/advisories/58200", }, { name: "HPSBST03181", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { name: "61643", refsource: "SECUNIA", url: "http://secunia.com/advisories/61643", }, { name: "http://www.novell.com/support/kb/doc.php?id=7015721", refsource: "CONFIRM", url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { name: "61503", refsource: "SECUNIA", url: "http://secunia.com/advisories/61503", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { name: "RHSA-2014:1354", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { name: "40938", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/40938/", }, { name: "HPSBGN03117", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { name: "http://support.novell.com/security/cve/CVE-2014-6271.html", refsource: "CONFIRM", url: "http://support.novell.com/security/cve/CVE-2014-6271.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { name: "61547", refsource: "SECUNIA", url: "http://secunia.com/advisories/61547", }, { name: "HPSBHF03145", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { name: "http://www.qnap.com/i/en/support/con_show.php?cid=61", refsource: "CONFIRM", url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { name: "HPSBST03148", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { name: "61552", refsource: "SECUNIA", url: "http://secunia.com/advisories/61552", }, { name: "61780", refsource: "SECUNIA", url: "http://secunia.com/advisories/61780", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { name: "https://support.citrix.com/article/CTX200223", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX200223", }, { name: "DSA-3032", refsource: "DEBIAN", url: "http://www.debian.org/security/2014/dsa-3032", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { name: "62228", refsource: "SECUNIA", url: "http://secunia.com/advisories/62228", }, { name: "HPSBGN03138", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { name: "61855", refsource: "SECUNIA", url: "http://secunia.com/advisories/61855", }, { name: "HPSBHF03124", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { name: "60044", refsource: "SECUNIA", url: "http://secunia.com/advisories/60044", }, { name: "61291", refsource: "SECUNIA", url: "http://secunia.com/advisories/61291", }, { name: "RHSA-2014:1294", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1294.html", }, { name: "HPSBHF03125", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { name: "59737", refsource: "SECUNIA", url: "http://secunia.com/advisories/59737", }, { name: "61287", refsource: "SECUNIA", url: "http://secunia.com/advisories/61287", }, { name: "HPSBHF03146", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { name: "HPSBGN03233", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1141597", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1141597", }, { name: "SSRT101739", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61711", refsource: "SECUNIA", url: "http://secunia.com/advisories/61711", }, { name: "HPSBOV03228", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { name: "HPSBGN03141", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { name: "http://advisories.mageia.org/MGASA-2014-0388.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2014-0388.html", }, { name: "61128", refsource: "SECUNIA", url: "http://secunia.com/advisories/61128", }, { name: "https://support.citrix.com/article/CTX200217", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX200217", }, { name: "61471", refsource: "SECUNIA", url: "http://secunia.com/advisories/61471", }, { name: "60055", refsource: "SECUNIA", url: "http://secunia.com/advisories/60055", }, { name: "20140926 GNU Bash Environmental Variable Command Injection Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { name: "61550", refsource: "SECUNIA", url: "http://secunia.com/advisories/61550", }, { name: "61633", refsource: "SECUNIA", url: "http://secunia.com/advisories/61633", }, { name: "http://linux.oracle.com/errata/ELSA-2014-1293.html", refsource: "CONFIRM", url: "http://linux.oracle.com/errata/ELSA-2014-1293.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { name: "https://kb.bluecoat.com/index?page=content&id=SA82", refsource: "CONFIRM", url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { name: "61328", refsource: "SECUNIA", url: "http://secunia.com/advisories/61328", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { name: "42938", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/42938/", }, { name: "61129", refsource: "SECUNIA", url: "http://secunia.com/advisories/61129", }, { name: "61700", refsource: "SECUNIA", url: "http://secunia.com/advisories/61700", }, { name: "61603", refsource: "SECUNIA", url: "http://secunia.com/advisories/61603", }, { name: "61857", refsource: "SECUNIA", url: "http://secunia.com/advisories/61857", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { name: "http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html", }, { name: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", refsource: "MISC", url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", assignerShortName: "debian", cveId: "CVE-2014-6271", datePublished: "2014-09-24T18:00:00.000Z", dateReserved: "2014-09-09T00:00:00.000Z", dateUpdated: "2025-02-07T13:47:31.669Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1464 (GCVE-0-2018-1464)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 20:17
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140395 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Storwize V5000 |
Version: 7.1 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.245Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181464-info-disc(140395)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181464-info-disc(140395)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1464", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181464-info-disc(140395)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140395", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1464", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T20:17:34.402Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1463 (GCVE-0-2018-1463)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 16:52
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140368 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Storwize V5000 |
Version: 7.1 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.232Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181463-info-disc(140368)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140368", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181463-info-disc(140368)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140368", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1463", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181463-info-disc(140368)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140368", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1463", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T16:52:50.494Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1433 (GCVE-0-2018-1433)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-08-05 03:59
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/139473 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.074Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181433-file-download(139473)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139473", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181433-file-download(139473)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139473", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2018-1433", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181433-file-download(139473)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139473", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1433", datePublished: "2018-05-17T21:00:00", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-08-05T03:59:39.074Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1462 (GCVE-0-2018-1462)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-17 01:51
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140363 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Storwize V3700 |
Version: 7.1 Version: 6.4 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.134Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181462-dos(140363)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140363", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181462-dos(140363)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140363", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1462", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181462-dos(140363)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140363", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1462", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T01:51:33.890Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1438 (GCVE-0-2018-1438)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-08-05 03:59
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/139566 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.086Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-storwize-cve20181438-info-disc(139566)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139566", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-storwize-cve20181438-info-disc(139566)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139566", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2018-1438", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ibm-storwize-cve20181438-info-disc(139566)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139566", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1438", datePublished: "2018-05-17T21:00:00", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-08-05T03:59:39.086Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1465 (GCVE-0-2018-1465)
Vulnerability from cvelistv5
Published
2018-05-17 21:00
Modified
2024-09-16 18:14
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104349 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140396 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Storwize V3500 |
Version: 6.4 Version: 7.1 Version: 7.5 Version: 7.6 Version: 7.6.1 Version: 7.7 Version: 7.7.1 Version: 7.8 Version: 7.8.1 Version: 8.1 Version: 6.1 Version: 6.2 Version: 6.3 Version: 7.2 Version: 7.3 Version: 7.4 Version: 8.1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.071Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181465-info-disc(140396)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140396", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Storwize V3500", vendor: "IBM", versions: [ { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "SAN Volume Controller", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, ], }, { product: "Spectrum Virtualize Software", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Spectrum Virtualize for Public Cloud", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V7000 (2076)", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "1.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "8.1.1", }, ], }, { product: "FlashSystem V9000", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.1", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V5000", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, { product: "Storwize V3700", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "6.4", }, { status: "affected", version: "7.5", }, { status: "affected", version: "7.6", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.7", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.8", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "8.1", }, { status: "affected", version: "6.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.3", }, { status: "affected", version: "7.2", }, { status: "affected", version: "7.3", }, { status: "affected", version: "7.4", }, { status: "affected", version: "8.1.1", }, ], }, ], datePublic: "2018-05-14T00:00:00", descriptions: [ { lang: "en", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-04T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181465-info-disc(140396)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140396", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-14T00:00:00", ID: "CVE-2018-1465", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Storwize V3500", version: { version_data: [ { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "SAN Volume Controller", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, ], }, }, { product_name: "Spectrum Virtualize Software", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Spectrum Virtualize for Public Cloud", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V7000 (2076)", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "1.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "8.1.1", }, ], }, }, { product_name: "FlashSystem V9000", version: { version_data: [ { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.1", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V5000", version: { version_data: [ { version_value: "7.1", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "6.4", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, { product_name: "Storwize V3700", version: { version_data: [ { version_value: "7.1", }, { version_value: "6.4", }, { version_value: "7.5", }, { version_value: "7.6", }, { version_value: "7.6.1", }, { version_value: "7.7", }, { version_value: "7.7.1", }, { version_value: "7.8", }, { version_value: "7.8.1", }, { version_value: "8.1", }, { version_value: "6.1", }, { version_value: "6.2", }, { version_value: "6.3", }, { version_value: "7.2", }, { version_value: "7.3", }, { version_value: "7.4", }, { version_value: "8.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282", }, { name: "104349", refsource: "BID", url: "http://www.securityfocus.com/bid/104349", }, { name: "ibm-storwize-cve20181465-info-disc(140396)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/140396", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1465", datePublished: "2018-05-17T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T18:14:09.942Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }