CVE-2018-1463

Published: 17/05/2018 Updated: 19/08/2020

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm storwize v7000 firmware
ibm storwize v5000 firmware
ibm storwize v3700 firmware
ibm storwize v3500 firmware
ibm storwize v9000 firmware
ibm san volume controller firmware
ibm spectrum virtualize
ibm spectrum virtualize for public cloud

Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000 They include cross site request forgery, arbitrary file read, unauthenticated access, and various other vulnerabilities ...

CWE-863 https://exchange.xforce.ibmcloud.com/vulnerabilities/140368 http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 http://www.securityfocus.com/bid/104349 https://nvd.nist.gov https://packetstormsecurity.com/files/147601/IBM-Flashsystem-Storwize-CSRF-Arbitrary-File-Read-Information-Disclosure.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-1463

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect