Lucene search
HistoryMay 17, 2018 - 9:29 p.m.
CVE-2018-1434
ibm
san volume controller
storwize
spectrum virtualize
flashsystem
cross-site request forgery
security vulnerability
ibm x-force
cve-2018-1434
nvd
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.2%
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.
Affected configurations
Node
ibmflashsystem_v9000Match7.5
ORibmflashsystem_v9000Match7.6
ORibmflashsystem_v9000Match7.6.1
ORibmflashsystem_v9000Match7.7
ORibmflashsystem_v9000Match7.7.1
ORibmflashsystem_v9000Match7.8
ORibmflashsystem_v9000Match7.8.1
ORibmflashsystem_v9000Match8.1
ORibmflashsystem_v9000Match6.1
ORibmflashsystem_v9000Match6.2
ORibmflashsystem_v9000Match6.3
ORibmflashsystem_v9000Match6.4
ORibmflashsystem_v9000Match7.1
ORibmflashsystem_v9000Match7.2
ORibmflashsystem_v9000Match7.3
ORibmflashsystem_v9000Match7.4
ORibmflashsystem_v9000Match8.1.1
ibmstorwize_v3700Match7.1
ORibmstorwize_v3700Match6.4
ORibmstorwize_v3700Match7.5
ORibmstorwize_v3700Match7.6
ORibmstorwize_v3700Match7.6.1
ORibmstorwize_v3700Match7.7
ORibmstorwize_v3700Match7.7.1
ORibmstorwize_v3700Match7.8
ORibmstorwize_v3700Match7.8.1
ORibmstorwize_v3700Match8.1
ORibmstorwize_v3700Match6.1
ORibmstorwize_v3700Match6.2
ORibmstorwize_v3700Match6.3
ORibmstorwize_v3700Match7.2
ORibmstorwize_v3700Match7.3
ORibmstorwize_v3700Match7.4
ORibmstorwize_v3700Match8.1.1
ibmstorwize_v5000Match7.1
ORibmstorwize_v5000Match7.5
ORibmstorwize_v5000Match7.6
ORibmstorwize_v5000Match7.6.1
ORibmstorwize_v5000Match7.7
ORibmstorwize_v5000Match7.7.1
ORibmstorwize_v5000Match7.8
ORibmstorwize_v5000Match7.8.1
ORibmstorwize_v5000Match8.1
ORibmstorwize_v5000Match6.1
ORibmstorwize_v5000Match6.2
ORibmstorwize_v5000Match6.3
ORibmstorwize_v5000Match6.4
ORibmstorwize_v5000Match7.2
ORibmstorwize_v5000Match7.3
ORibmstorwize_v5000Match7.4
ORibmstorwize_v5000Match8.1.1
ibmspectrum_virtualize_softwareMatch7.5
ORibmspectrum_virtualize_softwareMatch7.6
ORibmspectrum_virtualize_softwareMatch7.6.1
ORibmspectrum_virtualize_softwareMatch7.7
ORibmspectrum_virtualize_softwareMatch7.7.1
ORibmspectrum_virtualize_softwareMatch7.8
ORibmspectrum_virtualize_softwareMatch7.8.1
ORibmspectrum_virtualize_softwareMatch8.1
ORibmspectrum_virtualize_softwareMatch6.1
ORibmspectrum_virtualize_softwareMatch6.2
ORibmspectrum_virtualize_softwareMatch6.3
ORibmspectrum_virtualize_softwareMatch6.4
ORibmspectrum_virtualize_softwareMatch7.1
ORibmspectrum_virtualize_softwareMatch7.2
ORibmspectrum_virtualize_softwareMatch7.3
ORibmspectrum_virtualize_softwareMatch7.4
ORibmspectrum_virtualize_softwareMatch8.1.1
ibmsan_volume_controllerMatch6.1
ORibmsan_volume_controllerMatch6.2
ORibmsan_volume_controllerMatch6.3
ORibmsan_volume_controllerMatch6.4
ORibmsan_volume_controllerMatch7.1
ORibmsan_volume_controllerMatch7.5
ORibmsan_volume_controllerMatch7.6
ORibmsan_volume_controllerMatch7.6.1
ORibmsan_volume_controllerMatch7.7
ORibmsan_volume_controllerMatch7.7.1
ORibmsan_volume_controllerMatch7.8
ORibmsan_volume_controllerMatch7.8.1
ORibmsan_volume_controllerMatch8.1
ibmspectrum_virtualize_for_public_cloudMatch7.5
ORibmspectrum_virtualize_for_public_cloudMatch7.6
ORibmspectrum_virtualize_for_public_cloudMatch7.6.1
ORibmspectrum_virtualize_for_public_cloudMatch7.7
ORibmspectrum_virtualize_for_public_cloudMatch7.7.1
ORibmspectrum_virtualize_for_public_cloudMatch7.8
ORibmspectrum_virtualize_for_public_cloudMatch7.8.1
ORibmspectrum_virtualize_for_public_cloudMatch8.1
ORibmspectrum_virtualize_for_public_cloudMatch6.1
ORibmspectrum_virtualize_for_public_cloudMatch6.2
ORibmspectrum_virtualize_for_public_cloudMatch6.3
ORibmspectrum_virtualize_for_public_cloudMatch6.4
ORibmspectrum_virtualize_for_public_cloudMatch7.1
ORibmspectrum_virtualize_for_public_cloudMatch7.2
ORibmspectrum_virtualize_for_public_cloudMatch7.3
ORibmspectrum_virtualize_for_public_cloudMatch7.4
ORibmspectrum_virtualize_for_public_cloudMatch8.1.1
ibmstorwize_v7000Match6.1
ORibmstorwize_v7000Match6.2
ORibmstorwize_v7000Match6.3
ORibmstorwize_v7000Match6.4
ORibmstorwize_v7000Match7.1
ORibmstorwize_v7000Match7.2
ORibmstorwize_v7000Match7.3
ORibmstorwize_v7000Match7.4
ORibmstorwize_v7000Match1.1
ORibmstorwize_v7000Match7.5
ORibmstorwize_v7000Match7.6
ORibmstorwize_v7000Match7.6.1
ORibmstorwize_v7000Match7.7
ORibmstorwize_v7000Match7.7.1
ORibmstorwize_v7000Match7.8
ORibmstorwize_v7000Match7.8.1
ORibmstorwize_v7000Match8.1
ORibmstorwize_v7000Match8.1.1
ibmstorwize_v3500Match6.4
ORibmstorwize_v3500Match7.1
ORibmstorwize_v3500Match7.5
ORibmstorwize_v3500Match7.6
ORibmstorwize_v3500Match7.6.1
ORibmstorwize_v3500Match7.7
ORibmstorwize_v3500Match7.7.1
ORibmstorwize_v3500Match7.8
ORibmstorwize_v3500Match7.8.1
ORibmstorwize_v3500Match8.1
ORibmstorwize_v3500Match6.1
ORibmstorwize_v3500Match6.2
ORibmstorwize_v3500Match6.3
ORibmstorwize_v3500Match7.2
ORibmstorwize_v3500Match7.3
ORibmstorwize_v3500Match7.4
ORibmstorwize_v3500Match8.1.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | flashsystem_v9000 | 7.5 | cpe:2.3:h:ibm:flashsystem_v9000:7.5:*:*:*:*:*:*:* |
| ibm | flashsystem_v9000 | 7.6 | cpe:2.3:h:ibm:flashsystem_v9000:7.6:*:*:*:*:*:*:* |
| ibm | flashsystem_v9000 | 7.6.1 | cpe:2.3:h:ibm:flashsystem_v9000:7.6.1:*:*:*:*:*:*:* |
| ibm | flashsystem_v9000 | 7.7 | cpe:2.3:h:ibm:flashsystem_v9000:7.7:*:*:*:*:*:*:* |
| ibm | flashsystem_v9000 | 7.7.1 | cpe:2.3:h:ibm:flashsystem_v9000:7.7.1:*:*:*:*:*:*:* |
| ibm | flashsystem_v9000 | 7.8 | cpe:2.3:h:ibm:flashsystem_v9000:7.8:*:*:*:*:*:*:* |
| ibm | flashsystem_v9000 | 7.8.1 | cpe:2.3:h:ibm:flashsystem_v9000:7.8.1:*:*:*:*:*:*:* |
| ibm | flashsystem_v9000 | 8.1 | cpe:2.3:h:ibm:flashsystem_v9000:8.1:*:*:*:*:*:*:* |
| ibm | flashsystem_v9000 | 6.1 | cpe:2.3:h:ibm:flashsystem_v9000:6.1:*:*:*:*:*:*:* |
| ibm | flashsystem_v9000 | 6.2 | cpe:2.3:h:ibm:flashsystem_v9000:6.2:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "FlashSystem V9000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "Storwize V3700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "Storwize V5000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "Spectrum Virtualize Software",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "SAN Volume Controller",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
}
]
},
{
"product": "Spectrum Virtualize for Public Cloud",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "Storwize V7000 (2076)",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "Storwize V3500",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
}
]Related
nvd
nvd
CVE-2018-1434
2018-05-17 21:29:00
prion
prion
Cross site request forgery (csrf)
2018-05-17 21:29:00
cvelist
cvelist
CVE-2018-1434
2018-05-14 00:00:00
ibm
ibm
packetstorm
packetstorm
zdt
zdt
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.2%
Related for CVE-2018-1434