cvelistv5 - CVE-2018-1822

Source	URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=ibm10732962	Patch, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/150296	VDB Entry, Vendor Advisory

Vendor	Product
IBM	FlashSystem 900

var-201810-0672

Vulnerability from variot

IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296. IBM FlashSystem 900 The product contains authentication vulnerabilities. Vendors have confirmed this vulnerability IBM X-Force ID: 150296 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. are all enterprise-level storage solutions of IBM Corporation in the United States. The solution provides a full set of disaster recovery tools (including snapshot, clone and replication) to protect data security and use IBM Virtual Storage Center to realize virtualization configuration and performance management. GUI is one of the Graphical User Interfaces. The following products are affected: IBM FlashSystem 840 MTMs 9840-AE1; FlashSystem 840 MTMs 9843-AE1; FlashSystem 900 MTMs 9840-AE2; FlashSystem 900 MTMs 9840-AE29843-AE2

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0672",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "flashsystem 840",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "flashsystem 900",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "flashsystem v840",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem v900",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012594"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1036"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:flashsystem_900_firmware:1.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_900:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:flashsystem_840_firmware:1.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_840:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1822"
      }
    ]
  },
  "cve": "CVE-2018-1822",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2018-1822",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-128757",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-1822",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-1822",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2018-1822",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201810-1036",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-128757",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-1822",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-128757"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012594"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1822"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1036"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296. IBM FlashSystem 900 The product contains authentication vulnerabilities. Vendors have confirmed this vulnerability IBM X-Force ID: 150296 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. are all enterprise-level storage solutions of IBM Corporation in the United States. The solution provides a full set of disaster recovery tools (including snapshot, clone and replication) to protect data security and use IBM Virtual Storage Center to realize virtualization configuration and performance management. GUI is one of the Graphical User Interfaces. The following products are affected: IBM FlashSystem 840 MTMs 9840-AE1; FlashSystem 840 MTMs 9843-AE1; FlashSystem 900 MTMs 9840-AE2; FlashSystem 900 MTMs 9840-AE29843-AE2",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012594"
      },
      {
        "db": "VULHUB",
        "id": "VHN-128757"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1822"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1822",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012594",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1036",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-128757",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1822",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-128757"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012594"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1036"
      }
    ]
  },
  "id": "VAR-201810-0672",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-128757"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:08:16.637000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "0732962",
        "trust": 0.8,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10732962"
      },
      {
        "title": "ibm-flashsystem-cve20181822-sec-bypass (150296)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150296"
      },
      {
        "title": "Multiple IBM product GUI Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86194"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012594"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1036"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-128757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012594"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1822"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10732962"
      },
      {
        "trust": 1.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150296"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1822"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1822"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-128757"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012594"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1036"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-128757"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012594"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1036"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-128757"
      },
      {
        "date": "2018-10-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1822"
      },
      {
        "date": "2019-02-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-012594"
      },
      {
        "date": "2018-10-18T15:29:00.573000",
        "db": "NVD",
        "id": "CVE-2018-1822"
      },
      {
        "date": "2018-10-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-1036"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-128757"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1822"
      },
      {
        "date": "2019-02-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-012594"
      },
      {
        "date": "2019-10-09T23:39:10.087000",
        "db": "NVD",
        "id": "CVE-2018-1822"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-1036"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1036"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM FlashSystem 900 Authentication vulnerabilities in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012594"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1036"
      }
    ],
    "trust": 0.6
  }
}

gsd-2018-1822

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.

Aliases

CVE-2018-1822

Aliases

CVE-2018-1822

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1822",
    "description": "IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.",
    "id": "GSD-2018-1822"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1822"
      ],
      "details": "IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.",
      "id": "GSD-2018-1822",
      "modified": "2023-12-13T01:22:37.508119Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2018-10-02T00:00:00",
        "ID": "CVE-2018-1822",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FlashSystem 900",
                    "version": {
                      "version_data": [
                        {
                          "version_value": " "
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296."
          }
        ]
      },
      "impact": {
        "cvssv3": {
          "BM": {
            "A": "H",
            "AC": "L",
            "AV": "N",
            "C": "H",
            "I": "H",
            "PR": "N",
            "S": "U",
            "SCORE": "9.800",
            "UI": "N"
          },
          "TM": {
            "E": "U",
            "RC": "C",
            "RL": "O"
          }
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Bypass Security"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ibm-flashsystem-cve20181822-sec-bypass(150296)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150296"
          },
          {
            "name": "http://www.ibm.com/support/docview.wss?uid=ibm10732962",
            "refsource": "CONFIRM",
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10732962"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:flashsystem_900_firmware:1.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_900:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:flashsystem_840_firmware:1.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_840:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2018-1822"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-flashsystem-cve20181822-sec-bypass(150296)",
              "refsource": "XF",
              "tags": [
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150296"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10732962",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10732962"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:39Z",
      "publishedDate": "2018-10-18T15:29Z"
    }
  }
}

wid-sec-w-2024-1173

Vulnerability from csaf_certbund

Published

2024-05-16 22:00

Modified

2024-05-16 22:00

Summary

IBM FlashSystem: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM FlashSystem is an IBM Storage enterprise system that stores data on flash memory

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM FlashSystem ausnutzen, um einen Denial of Service Angriff durchzuführen oder um seine Privilegien zu erweitern.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM FlashSystem is an IBM Storage enterprise system that stores data on flash memory",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM FlashSystem ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder um seine Privilegien zu erweitern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1173 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1173.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1173 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1173"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-05-16",
        "url": "https://www.ibm.com/support/pages/node/732962"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-05-16",
        "url": "https://www.ibm.com/support/pages/node/650907"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM FlashSystem: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-05-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-05-17T09:02:52.586+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-1173",
      "initial_release_date": "2024-05-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-05-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.5.0.0",
                "product": {
                  "name": "IBM FlashSystem \u003c1.5.0.0",
                  "product_id": "T034892",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:1.5.0.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.4.8.1",
                "product": {
                  "name": "IBM FlashSystem \u003c1.4.8.1",
                  "product_id": "T034893",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:1.4.8.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.5.1.1",
                "product": {
                  "name": "IBM FlashSystem \u003c1.5.1.1",
                  "product_id": "T034894",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:1.5.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.4.8.0",
                "product": {
                  "name": "IBM FlashSystem \u003c1.4.8.0",
                  "product_id": "T034895",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:1.4.8.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.3.0.10",
                "product": {
                  "name": "IBM FlashSystem \u003c1.3.0.10",
                  "product_id": "T034896",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:1.3.0.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FlashSystem"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-1495",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in IBM FlashSystem. Ein entfernter, authentifizierter Angreifer mit speziellem Zugriff kann diese Schwachstelle ausnutzen, um beliebigen Dateien zu \u00fcberschreiben und dadurch in Folge einen Denial-of-Service-Zustand verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034892"
        ]
      },
      "release_date": "2024-05-16T22:00:00Z",
      "title": "CVE-2018-1495"
    },
    {
      "cve": "CVE-2018-1822",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle im IBM FlashSystem. Diese Schwachstelle wird nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034896",
          "T034895"
        ]
      },
      "release_date": "2024-05-16T22:00:00Z",
      "title": "CVE-2018-1822"
    }
  ]
}

ghsa-gf4v-v7xg-cvwx

Vulnerability from github

Published

2022-05-13 01:32

Modified

2022-05-13 01:32

Severity

9.8 (Critical) - CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-1822"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-18T15:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.",
  "id": "GHSA-gf4v-v7xg-cvwx",
  "modified": "2022-05-13T01:32:35Z",
  "published": "2022-05-13T01:32:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1822"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150296"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10732962"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Action not permitted

CVE-2018-1822

Vulnerability from cvelistv5

var-201810-0672

Vulnerability from variot

gsd-2018-1822

Vulnerability from gsd

wid-sec-w-2024-1173

Vulnerability from csaf_certbund

ghsa-gf4v-v7xg-cvwx

Vulnerability from github

Tags