All the vulnerabilites related to IBM - torwize V5000
cve-2018-1775
Vulnerability from cvelistv5
Published
2019-02-27 22:00
Modified
2024-09-16 18:43
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.
Impacted products
Vendor Product Version
IBM torwize V3500 Version: 7.5
Version: 8.2
IBM torwize V3700 Version: 7.5
Version: 8.2
IBM Spectrum Virtualize for Public Cloud Version: 7.5
Version: 8.2
IBM Spectrum Virtualize Software Version: 7.5
Version: 8.2
IBM SAN Volume Controller Version: 7.5
Version: 8.2
IBM FlashSystem V9000 Version: 7.5
Version: 8.2
IBM torwize V5000 Version: 7.5
Version: 8.2
IBM FlashSystem 9100 Family Version: 7.5
Version: 8.2
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107187",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107187"
          },
          {
            "name": "ibm-storwize-cve20181775-file-download(148757)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "torwize V7000",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        },
        {
          "product": "torwize V3500",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        },
        {
          "product": "torwize V3700",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        },
        {
          "product": "Spectrum Virtualize for Public Cloud",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        },
        {
          "product": "Spectrum Virtualize Software",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        },
        {
          "product": "SAN Volume Controller",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        },
        {
          "product": "FlashSystem V9000",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        },
        {
          "product": "torwize V5000",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        },
        {
          "product": "FlashSystem 9100 Family",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        }
      ],
      "datePublic": "2019-02-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "TEMPORARY_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:T",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-01T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "107187",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107187"
        },
        {
          "name": "ibm-storwize-cve20181775-file-download(148757)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-02-25T00:00:00",
          "ID": "CVE-2018-1775",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "torwize V7000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "torwize V3500",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "torwize V3700",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Spectrum Virtualize for Public Cloud",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Spectrum Virtualize Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAN Volume Controller",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "FlashSystem V9000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "torwize V5000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "FlashSystem 9100 Family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "8.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "T"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "107187",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107187"
            },
            {
              "name": "ibm-storwize-cve20181775-file-download(148757)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10872486",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1775",
    "datePublished": "2019-02-27T22:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T18:43:43.401Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}