VAR-201603-0099
Vulnerability from variot - Updated: 2023-12-18 13:34

Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM FlashSystem V9000 is an all-flash enterprise-level storage solution developed by IBM Corporation in the United States. The solution provides a full set of disaster recovery tools (including snapshot, clone and replication) to protect data, and uses IBM Virtual Storage Center for virtualization configuration and performance management. A remote attacker could exploit this vulnerability to insert an XSS sequence. The following models and versions are affected: IBM FlashSystem V9000 9846-AE2, 9848-AE2, 9846-AC2, 9848-AC2 running 7.4 prior to 7.4.1.4, 7.5 prior to 7.5.1.3, or 7.6 prior to 7.6.0.4. The record below classifies the issue as CWE-352; NVD scores it 8.8 (CVSS v3.0, user interaction required) and 6.8 (CVSS v2.0), and the listed vendor fix is IBM bulletin S1005570.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0099",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flashsystem v9000",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "flashsystem v9000",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "flashsystem v9000",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": "7.6"
},
{
"model": "flashsystem v9000",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "flashsystem v9000 9846-ae2",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "flashsystem v9000 9846-ac2",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "flashsystem v9000",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "7.6"
},
{
"model": "flashsystem v9000",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.6.0.4"
},
{
"model": "flashsystem v9000",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.5.1.3"
},
{
"model": "flashsystem v9000",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.4.1.4"
},
{
"model": "flashsystem v9000 9848-ae2",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "flashsystem v9000",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "flashsystem v9000 9848-ac2",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "flashsystem 9848-ac2",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": null
},
{
"model": "flashsystem 9846-ac2",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": null
},
{
"model": "flashsystem 9848-ae2",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": null
},
{
"model": "flashsystem 9846-ae2",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006991"
},
{
"db": "NVD",
"id": "CVE-2015-7446"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-202"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ibm:flashsystem_9848-ae2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ibm:flashsystem_9846-ae2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ibm:flashsystem_9846-ac2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ibm:flashsystem_9848-ac2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7446"
}
]
},
"cve": "CVE-2015-7446",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7446",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-85407",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7446",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-7446",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-202",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85407",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85407"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006991"
},
{
"db": "NVD",
"id": "CVE-2015-7446"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-202"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM FlashSystem V9000 is an all-flash enterprise-level storage solution developed by IBM Corporation in the United States. The solution provides a full set of disaster recovery tools (including snapshot, clone and replication) to protect data security and use IBM Virtual Storage Center to realize virtualization configuration and performance management. A remote attacker could exploit this vulnerability to insert an XSS sequence. The following models and versions are affected: IBM FlashSystem V9000 9846-AE2, 9848-AE2, 9846-AC2, 9848-AC2 7.4 prior to 7.4.1.4, 7.5 prior to 7.5.1.3, 7.6 prior to 7.6.0.4",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7446"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006991"
},
{
"db": "VULHUB",
"id": "VHN-85407"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7446",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006991",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-202",
"trust": 0.7
},
{
"db": "BID",
"id": "84597",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-85407",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85407"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006991"
},
{
"db": "NVD",
"id": "CVE-2015-7446"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-202"
}
]
},
"id": "VAR-201603-0099",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-85407"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:34:26.614000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "S1005570",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005570"
},
{
"title": "IBM FlashSystem V9000 Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60560"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006991"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-202"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85407"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006991"
},
{
"db": "NVD",
"id": "CVE-2015-7446"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005570"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7446"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7446"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85407"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006991"
},
{
"db": "NVD",
"id": "CVE-2015-7446"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-202"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-85407"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006991"
},
{
"db": "NVD",
"id": "CVE-2015-7446"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-202"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-85407"
},
{
"date": "2016-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006991"
},
{
"date": "2016-03-12T15:59:00.150000",
"db": "NVD",
"id": "CVE-2015-7446"
},
{
"date": "2016-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-202"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-85407"
},
{
"date": "2016-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006991"
},
{
"date": "2018-10-17T18:47:12.877000",
"db": "NVD",
"id": "CVE-2015-7446"
},
{
"date": "2016-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-202"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-202"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM FlashSystem V9000 Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006991"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-202"
}
],
"trust": 0.6
}
}