Published: 17/05/2018 Updated: 19/08/2020

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm storwize_v7000_firmware
ibm storwize_v5000_firmware
ibm storwize_v3700_firmware
ibm storwize_v3500_firmware
ibm storwize_v9000_firmware
ibm san_volume_controller_firmware
ibm spectrum virtualize
ibm spectrum virtualize for public cloud

Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000 They include cross site request forgery, arbitrary file read, unauthenticated access, and various other vulnerabilities ...

CWE-863 https://exchange.xforce.ibmcloud.com/vulnerabilities/140368 http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 http://www.securityfocus.com/bid/104349 https://nvd.nist.gov https://packetstormsecurity.com/files/147601/IBM-Flashsystem-Storwize-CSRF-Arbitrary-File-Read-Information-Disclosure.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-1463

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect