Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ghsa-7657-r953-54qx
Vulnerability from github
Published
2022-05-13 01:32
Modified
2022-05-13 01:32
Severity ?
Details
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.
{ "affected": [], "aliases": [ "CVE-2018-1775" ], "database_specific": { "cwe_ids": [ "CWE-200" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2019-02-27T22:29:00Z", "severity": "MODERATE" }, "details": "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.", "id": "GHSA-7657-r953-54qx", "modified": "2022-05-13T01:32:43Z", "published": "2022-05-13T01:32:43Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1775" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757" }, { "type": "WEB", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/107187" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }
cve-2018-1775
Vulnerability from cvelistv5
Published
2019-02-27 22:00
Modified
2024-09-16 18:43
Severity ?
EPSS score ?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/107187 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/148757 | vdb-entry, x_refsource_XF | |
https://www.ibm.com/support/docview.wss?uid=ibm10872486 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | IBM | torwize V7000 |
Version: 7.5 Version: 8.2 |
||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:44.355Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "107187", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107187" }, { "name": "ibm-storwize-cve20181775-file-download(148757)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "torwize V7000", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "8.2" } ] }, { "product": "torwize V3500", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "8.2" } ] }, { "product": "torwize V3700", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "8.2" } ] }, { "product": "Spectrum Virtualize for Public Cloud", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "8.2" } ] }, { "product": "Spectrum Virtualize Software", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "8.2" } ] }, { "product": "SAN Volume Controller", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "8.2" } ] }, { "product": "FlashSystem V9000", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "8.2" } ] }, { "product": "torwize V5000", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "8.2" } ] }, { "product": "FlashSystem 9100 Family", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "8.2" } ] } ], "datePublic": "2019-02-25T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "TEMPORARY_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:T", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-01T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "107187", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107187" }, { "name": "ibm-storwize-cve20181775-file-download(148757)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-02-25T00:00:00", "ID": "CVE-2018-1775", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "torwize V7000", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "8.2" } ] } }, { "product_name": "torwize V3500", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "8.2" } ] } }, { "product_name": "torwize V3700", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "8.2" } ] } }, { "product_name": "Spectrum Virtualize for Public Cloud", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "8.2" } ] } }, { "product_name": "Spectrum Virtualize Software", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "8.2" } ] } }, { "product_name": "SAN Volume Controller", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "8.2" } ] } }, { "product_name": "FlashSystem V9000", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "8.2" } ] } }, { "product_name": "torwize V5000", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "8.2" } ] } }, { "product_name": "FlashSystem 9100 Family", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "8.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "H", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "T" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "107187", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107187" }, { "name": "ibm-storwize-cve20181775-file-download(148757)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10872486", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1775", "datePublished": "2019-02-27T22:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T18:43:43.401Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.