var-201603-0099
Vulnerability from variot

Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM FlashSystem V9000 is an all-flash enterprise-level storage solution developed by IBM Corporation in the United States. The solution provides a full set of disaster recovery tools (including snapshot, clone and replication) to protect data security and use IBM Virtual Storage Center to realize virtualization configuration and performance management. A remote attacker could exploit this vulnerability to insert an XSS sequence. The following models and versions are affected: IBM FlashSystem V9000 9846-AE2, 9848-AE2, 9846-AC2, 9848-AC2 7.4 prior to 7.4.1.4, 7.5 prior to 7.5.1.3, 7.6 prior to 7.6.0.4

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201603-0099",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "flashsystem v9000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "flashsystem v9000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "flashsystem v9000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "flashsystem v9000",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "flashsystem v9000 9846-ae2",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem v9000 9846-ac2",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem v9000",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "flashsystem v9000",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.6.0.4"
      },
      {
        "model": "flashsystem v9000",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.5.1.3"
      },
      {
        "model": "flashsystem v9000",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.4.1.4"
      },
      {
        "model": "flashsystem v9000 9848-ae2",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem v9000",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "flashsystem v9000 9848-ac2",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem 9848-ac2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem 9846-ac2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem 9848-ae2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem 9846-ae2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7446"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_9848-ae2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_9846-ae2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_9846-ac2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_9848-ac2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7446"
      }
    ]
  },
  "cve": "CVE-2015-7446",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-7446",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-85407",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-7446",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-7446",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201603-202",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85407",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7446"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM FlashSystem V9000 is an all-flash enterprise-level storage solution developed by IBM Corporation in the United States. The solution provides a full set of disaster recovery tools (including snapshot, clone and replication) to protect data security and use IBM Virtual Storage Center to realize virtualization configuration and performance management. A remote attacker could exploit this vulnerability to insert an XSS sequence. The following models and versions are affected: IBM FlashSystem V9000 9846-AE2, 9848-AE2, 9846-AC2, 9848-AC2 7.4 prior to 7.4.1.4, 7.5 prior to 7.5.1.3, 7.6 prior to 7.6.0.4",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85407"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7446",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "84597",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-85407",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7446"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ]
  },
  "id": "VAR-201603-0099",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85407"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:34:26.614000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "S1005570",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005570"
      },
      {
        "title": "IBM FlashSystem V9000 Fixes for cross-site request forgery vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60560"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7446"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005570"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7446"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7446"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7446"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-85407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7446"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-03-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85407"
      },
      {
        "date": "2016-03-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "date": "2016-03-12T15:59:00.150000",
        "db": "NVD",
        "id": "CVE-2015-7446"
      },
      {
        "date": "2016-03-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85407"
      },
      {
        "date": "2016-03-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      },
      {
        "date": "2018-10-17T18:47:12.877000",
        "db": "NVD",
        "id": "CVE-2015-7446"
      },
      {
        "date": "2016-03-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM FlashSystem V9000 Vulnerable to cross-site request forgery",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006991"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-202"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.