cvelistv5 - cve-2015-7446

CVE-2015-7446 (GCVE-0-2015-7446)

Vulnerability from cvelistv5 – Published: 2016-03-12 15:00 – Updated: 2024-08-06 07:51

Summary

Severity ?

No CVSS data available.

CWE

Assigner

ibm

References

URL

Tags

http://www-01.ibm.com/support/docview.wss?uid=ssg…

x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:27.359Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-03-12T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-7446",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-7446",
    "datePublished": "2016-03-12T15:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:27.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEB7FCA5-3B8C-4719-8BDB-5F2D60F0587A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7373F0A-1417-4840-B408-34F45728CD51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6691B38-0A7B-463F-A1C8-9CA37FD3E0F5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:flashsystem_9846-ac2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8CC9EB5-07BE-4469-AAA5-CD45E757920F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:flashsystem_9846-ae2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6915102E-4450-4A3A-9B81-670B02E7BDEC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:flashsystem_9848-ac2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E677E8A2-A1A1-4FAC-8B3A-77882CB8C1DD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:flashsystem_9848-ae2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD5C253A-086B-4ADB-AFBF-74BFAA696AA2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de CSRF en IBM Flash System V9000 7.4 en versiones anteriores a 7.4.1.4, 7.5 en versiones anteriores a 7.5.1.3 y 7.6 en versiones anteriores a 7.6.0.4 permite a atacantes remotos secuestrar la autenticaci\\u00f3n de usuarios arbitrarios por peticiones que insertan secuencias XSS.\"}]",
      "id": "CVE-2015-7446",
      "lastModified": "2024-11-21T02:36:48.283",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2016-03-12T15:59:00.150",
      "references": "[{\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-7446\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2016-03-12T15:59:00.150\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de CSRF en IBM Flash System V9000 7.4 en versiones anteriores a 7.4.1.4, 7.5 en versiones anteriores a 7.5.1.3 y 7.6 en versiones anteriores a 7.6.0.4 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios por peticiones que insertan secuencias XSS.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEB7FCA5-3B8C-4719-8BDB-5F2D60F0587A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7373F0A-1417-4840-B408-34F45728CD51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6691B38-0A7B-463F-A1C8-9CA37FD3E0F5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:flashsystem_9846-ac2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8CC9EB5-07BE-4469-AAA5-CD45E757920F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:flashsystem_9846-ae2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6915102E-4450-4A3A-9B81-670B02E7BDEC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:flashsystem_9848-ac2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E677E8A2-A1A1-4FAC-8B3A-77882CB8C1DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:flashsystem_9848-ae2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD5C253A-086B-4ADB-AFBF-74BFAA696AA2\"}]}]}],\"references\":[{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2016-01702

Vulnerability from cnvd - Published: 2016-03-17

Title

IBM FlashSystem V9000跨站请求伪造漏洞

Description

IBM FlashSystem V9000是美国IBM公司的一套全闪存企业级存储解决方案。该方案提供全套灾难恢复工具（包括快照、克隆和复制）来保护数据安全以及使用IBM Virtual Storage Center实现虚拟化配置和性能管理等。 IBM FlashSystem V9000中存在跨站请求伪造漏洞。远程攻击者可利用该漏洞插入XSS序列。

Severity

中

Patch Name

IBM FlashSystem V9000跨站请求伪造漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570

Reference

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570

Impacted products

Name
['IBM Flash System V9000 7.4(<7.4.1.4)', 'IBM Flash System V9000 7.5(<7.5.1.30', 'IBM Flash System V9000 7.6(<7.6.0.4)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7446"
    }
  },
  "description": "IBM FlashSystem V9000\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u5168\u95ea\u5b58\u4f01\u4e1a\u7ea7\u5b58\u50a8\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u63d0\u4f9b\u5168\u5957\u707e\u96be\u6062\u590d\u5de5\u5177\uff08\u5305\u62ec\u5feb\u7167\u3001\u514b\u9686\u548c\u590d\u5236\uff09\u6765\u4fdd\u62a4\u6570\u636e\u5b89\u5168\u4ee5\u53ca\u4f7f\u7528IBM Virtual Storage Center\u5b9e\u73b0\u865a\u62df\u5316\u914d\u7f6e\u548c\u6027\u80fd\u7ba1\u7406\u7b49\u3002\r\n\r\nIBM FlashSystem V9000\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d2\u5165XSS\u5e8f\u5217\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01702",
  "openTime": "2016-03-17",
  "patchDescription": "IBM FlashSystem V9000\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u5168\u95ea\u5b58\u4f01\u4e1a\u7ea7\u5b58\u50a8\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u63d0\u4f9b\u5168\u5957\u707e\u96be\u6062\u590d\u5de5\u5177\uff08\u5305\u62ec\u5feb\u7167\u3001\u514b\u9686\u548c\u590d\u5236\uff09\u6765\u4fdd\u62a4\u6570\u636e\u5b89\u5168\u4ee5\u53ca\u4f7f\u7528IBM Virtual Storage Center\u5b9e\u73b0\u865a\u62df\u5316\u914d\u7f6e\u548c\u6027\u80fd\u7ba1\u7406\u7b49\u3002\r\n\r\nIBM FlashSystem V9000\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d2\u5165XSS\u5e8f\u5217\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM FlashSystem V9000\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Flash System V9000 7.4(\u003c7.4.1.4)",
      "IBM Flash System V9000 7.5(\u003c7.5.1.30",
      "IBM Flash System V9000 7.6(\u003c7.6.0.4)"
    ]
  },
  "referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570",
  "serverity": "\u4e2d",
  "submitTime": "2016-03-16",
  "title": "IBM FlashSystem V9000\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CNVD-2016-01723

Vulnerability from cnvd - Published: 2016-03-17

Title

IBM FlashSystem V9000跨站请求伪造漏洞

Description

IBM FlashSystem V9000是美国IBM公司的一套全闪存企业级存储解决方案。 IBM FlashSystem V9000中存在跨站请求伪造漏洞，远程攻击者可利用该漏洞插入XSS序列。

Severity

中

Patch Name

IBM FlashSystem V9000跨站请求伪造漏洞的补丁

Patch Description

IBM FlashSystem V9000是美国IBM公司的一套全闪存企业级存储解决方案。 IBM FlashSystem V9000中存在跨站请求伪造漏洞，远程攻击者可利用该漏洞插入XSS序列。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570

Reference

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570

Impacted products

Name
['IBM Flash System V9000 7.4(<7.4.1.4)', 'IBM Flash System V9000 7.5(<7.5.1.30', 'IBM Flash System V9000 7.6(<7.6.0.4)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7446"
    }
  },
  "description": "IBM FlashSystem V9000\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u5168\u95ea\u5b58\u4f01\u4e1a\u7ea7\u5b58\u50a8\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nIBM FlashSystem V9000\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d2\u5165XSS\u5e8f\u5217\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01723",
  "openTime": "2016-03-17",
  "patchDescription": "IBM FlashSystem V9000\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u5168\u95ea\u5b58\u4f01\u4e1a\u7ea7\u5b58\u50a8\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nIBM FlashSystem V9000\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d2\u5165XSS\u5e8f\u5217\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM FlashSystem V9000\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Flash System V9000 7.4(\u003c7.4.1.4)",
      "IBM Flash System V9000 7.5(\u003c7.5.1.30",
      "IBM Flash System V9000 7.6(\u003c7.6.0.4)"
    ]
  },
  "referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570",
  "serverity": "\u4e2d",
  "submitTime": "2016-03-16",
  "title": "IBM FlashSystem V9000\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

VAR-201603-0099

Vulnerability from variot - Updated: 2023-12-18 13:34

Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM FlashSystem V9000 is an all-flash enterprise-level storage solution developed by IBM Corporation in the United States. The solution provides a full set of disaster recovery tools (including snapshot, clone and replication) to protect data security and use IBM Virtual Storage Center to realize virtualization configuration and performance management. A remote attacker could exploit this vulnerability to insert an XSS sequence. The following models and versions are affected: IBM FlashSystem V9000 9846-AE2, 9848-AE2, 9846-AC2, 9848-AC2 7.4 prior to 7.4.1.4, 7.5 prior to 7.5.1.3, 7.6 prior to 7.6.0.4

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201603-0099",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "flashsystem v9000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "flashsystem v9000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "flashsystem v9000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "flashsystem v9000",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "flashsystem v9000 9846-ae2",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem v9000 9846-ac2",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem v9000",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "flashsystem v9000",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.6.0.4"
      },
      {
        "model": "flashsystem v9000",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.5.1.3"
      },
      {
        "model": "flashsystem v9000",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.4.1.4"
      },
      {
        "model": "flashsystem v9000 9848-ae2",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem v9000",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "flashsystem v9000 9848-ac2",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem 9848-ac2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem 9846-ac2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem 9848-ae2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem 9846-ae2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7446"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_9848-ae2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_9846-ae2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_9846-ac2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_9848-ac2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7446"
      }
    ]
  },
  "cve": "CVE-2015-7446",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-7446",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-85407",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-7446",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-7446",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201603-202",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85407",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7446"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM FlashSystem V9000 is an all-flash enterprise-level storage solution developed by IBM Corporation in the United States. The solution provides a full set of disaster recovery tools (including snapshot, clone and replication) to protect data security and use IBM Virtual Storage Center to realize virtualization configuration and performance management. A remote attacker could exploit this vulnerability to insert an XSS sequence. The following models and versions are affected: IBM FlashSystem V9000 9846-AE2, 9848-AE2, 9846-AC2, 9848-AC2 7.4 prior to 7.4.1.4, 7.5 prior to 7.5.1.3, 7.6 prior to 7.6.0.4",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85407"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7446",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "84597",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-85407",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7446"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ]
  },
  "id": "VAR-201603-0099",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85407"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:34:26.614000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "S1005570",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005570"
      },
      {
        "title": "IBM FlashSystem V9000 Fixes for cross-site request forgery vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60560"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7446"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005570"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7446"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7446"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7446"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-85407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7446"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-03-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85407"
      },
      {
        "date": "2016-03-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "date": "2016-03-12T15:59:00.150000",
        "db": "NVD",
        "id": "CVE-2015-7446"
      },
      {
        "date": "2016-03-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85407"
      },
      {
        "date": "2016-03-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "date": "2018-10-17T18:47:12.877000",
        "db": "NVD",
        "id": "CVE-2015-7446"
      },
      {
        "date": "2016-03-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM FlashSystem V9000 Vulnerable to cross-site request forgery",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ],
    "trust": 0.6
  }
}

GSD-2015-7446

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-7446

Aliases

CVE-2015-7446

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-7446",
    "description": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.",
    "id": "GSD-2015-7446"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-7446"
      ],
      "details": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.",
      "id": "GSD-2015-7446",
      "modified": "2023-12-13T01:20:01.938911Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2015-7446",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570",
            "refsource": "CONFIRM",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_9848-ae2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_9846-ae2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_9846-ac2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_9848-ac2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-7446"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-10-17T18:47Z",
      "publishedDate": "2016-03-12T15:59Z"
    }
  }
}

GHSA-G8Q2-R69C-J6R7

Vulnerability from github – Published: 2022-05-14 02:20 – Updated: 2022-05-14 02:20

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-7446"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-03-12T15:59:00Z",
    "severity": "HIGH"
  },
  "details": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.",
  "id": "GHSA-g8q2-r69c-j6r7",
  "modified": "2022-05-14T02:20:56Z",
  "published": "2022-05-14T02:20:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7446"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2015-7446

Vulnerability from fkie_nvd - Published: 2016-03-12 15:59 - Updated: 2025-04-12 10:46

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	flashsystem_v9000_firmware	7.4
ibm	flashsystem_v9000_firmware	7.5
ibm	flashsystem_v9000_firmware	7.6
ibm	flashsystem_9846-ac2	-
ibm	flashsystem_9846-ae2	-
ibm	flashsystem_9848-ac2	-
ibm	flashsystem_9848-ae2	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB7FCA5-3B8C-4719-8BDB-5F2D60F0587A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7373F0A-1417-4840-B408-34F45728CD51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6691B38-0A7B-463F-A1C8-9CA37FD3E0F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:flashsystem_9846-ac2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8CC9EB5-07BE-4469-AAA5-CD45E757920F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:flashsystem_9846-ae2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6915102E-4450-4A3A-9B81-670B02E7BDEC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:flashsystem_9848-ac2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E677E8A2-A1A1-4FAC-8B3A-77882CB8C1DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:flashsystem_9848-ae2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD5C253A-086B-4ADB-AFBF-74BFAA696AA2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en IBM Flash System V9000 7.4 en versiones anteriores a 7.4.1.4, 7.5 en versiones anteriores a 7.5.1.3 y 7.6 en versiones anteriores a 7.6.0.4 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios por peticiones que insertan secuencias XSS."
    }
  ],
  "id": "CVE-2015-7446",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-03-12T15:59:00.150",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-7446 (GCVE-0-2015-7446)

CNVD-2016-01702

CNVD-2016-01723

VAR-201603-0099

GSD-2015-7446

GHSA-G8Q2-R69C-J6R7

FKIE_CVE-2015-7446

Tags

Sightings

Nomenclature