Lucene search
HistoryMay 17, 2018 - 9:29 p.m.
CVE-2018-1461
ibm
san volume controller
storwize
spectrum virtualize
flashsystem
xss
vulnerability
cve-2018-1461
security
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
42.7%
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.
Affected configurations
Node
ibmspectrum_virtualize_softwareMatch7.5
ORibmspectrum_virtualize_softwareMatch7.6
ORibmspectrum_virtualize_softwareMatch7.6.1
ORibmspectrum_virtualize_softwareMatch7.7
ORibmspectrum_virtualize_softwareMatch7.7.1
ORibmspectrum_virtualize_softwareMatch7.8
ORibmspectrum_virtualize_softwareMatch7.8.1
ORibmspectrum_virtualize_softwareMatch8.1
ORibmspectrum_virtualize_softwareMatch6.1
ORibmspectrum_virtualize_softwareMatch6.2
ORibmspectrum_virtualize_softwareMatch6.3
ORibmspectrum_virtualize_softwareMatch6.4
ORibmspectrum_virtualize_softwareMatch7.1
ORibmspectrum_virtualize_softwareMatch7.2
ORibmspectrum_virtualize_softwareMatch7.3
ORibmspectrum_virtualize_softwareMatch7.4
ORibmspectrum_virtualize_softwareMatch8.1.1
ibmstorwize_v5000Match7.1
ORibmstorwize_v5000Match7.5
ORibmstorwize_v5000Match7.6
ORibmstorwize_v5000Match7.6.1
ORibmstorwize_v5000Match7.7
ORibmstorwize_v5000Match7.7.1
ORibmstorwize_v5000Match7.8
ORibmstorwize_v5000Match7.8.1
ORibmstorwize_v5000Match8.1
ORibmstorwize_v5000Match6.1
ORibmstorwize_v5000Match6.2
ORibmstorwize_v5000Match6.3
ORibmstorwize_v5000Match6.4
ORibmstorwize_v5000Match7.2
ORibmstorwize_v5000Match7.3
ORibmstorwize_v5000Match7.4
ORibmstorwize_v5000Match8.1.1
ibmstorwize_v3500Match6.4
ORibmstorwize_v3500Match7.1
ORibmstorwize_v3500Match7.5
ORibmstorwize_v3500Match7.6
ORibmstorwize_v3500Match7.6.1
ORibmstorwize_v3500Match7.7
ORibmstorwize_v3500Match7.7.1
ORibmstorwize_v3500Match7.8
ORibmstorwize_v3500Match7.8.1
ORibmstorwize_v3500Match8.1
ORibmstorwize_v3500Match6.1
ORibmstorwize_v3500Match6.2
ORibmstorwize_v3500Match6.3
ORibmstorwize_v3500Match7.2
ORibmstorwize_v3500Match7.3
ORibmstorwize_v3500Match7.4
ORibmstorwize_v3500Match8.1.1
ibmstorwize_v7000Match6.1
ORibmstorwize_v7000Match6.2
ORibmstorwize_v7000Match6.3
ORibmstorwize_v7000Match6.4
ORibmstorwize_v7000Match7.1
ORibmstorwize_v7000Match7.2
ORibmstorwize_v7000Match7.3
ORibmstorwize_v7000Match7.4
ORibmstorwize_v7000Match1.1
ORibmstorwize_v7000Match7.5
ORibmstorwize_v7000Match7.6
ORibmstorwize_v7000Match7.6.1
ORibmstorwize_v7000Match7.7
ORibmstorwize_v7000Match7.7.1
ORibmstorwize_v7000Match7.8
ORibmstorwize_v7000Match7.8.1
ORibmstorwize_v7000Match8.1
ORibmstorwize_v7000Match8.1.1
ibmstorwize_v3700Match7.1
ORibmstorwize_v3700Match6.4
ORibmstorwize_v3700Match7.5
ORibmstorwize_v3700Match7.6
ORibmstorwize_v3700Match7.6.1
ORibmstorwize_v3700Match7.7
ORibmstorwize_v3700Match7.7.1
ORibmstorwize_v3700Match7.8
ORibmstorwize_v3700Match7.8.1
ORibmstorwize_v3700Match8.1
ORibmstorwize_v3700Match6.1
ORibmstorwize_v3700Match6.2
ORibmstorwize_v3700Match6.3
ORibmstorwize_v3700Match7.2
ORibmstorwize_v3700Match7.3
ORibmstorwize_v3700Match7.4
ORibmstorwize_v3700Match8.1.1
ibmflashsystem_v9000Match7.5
ORibmflashsystem_v9000Match7.6
ORibmflashsystem_v9000Match7.6.1
ORibmflashsystem_v9000Match7.7
ORibmflashsystem_v9000Match7.7.1
ORibmflashsystem_v9000Match7.8
ORibmflashsystem_v9000Match7.8.1
ORibmflashsystem_v9000Match8.1
ORibmflashsystem_v9000Match6.1
ORibmflashsystem_v9000Match6.2
ORibmflashsystem_v9000Match6.3
ORibmflashsystem_v9000Match6.4
ORibmflashsystem_v9000Match7.1
ORibmflashsystem_v9000Match7.2
ORibmflashsystem_v9000Match7.3
ORibmflashsystem_v9000Match7.4
ORibmflashsystem_v9000Match8.1.1
ibmsan_volume_controllerMatch6.1
ORibmsan_volume_controllerMatch6.2
ORibmsan_volume_controllerMatch6.3
ORibmsan_volume_controllerMatch6.4
ORibmsan_volume_controllerMatch7.1
ORibmsan_volume_controllerMatch7.5
ORibmsan_volume_controllerMatch7.6
ORibmsan_volume_controllerMatch7.6.1
ORibmsan_volume_controllerMatch7.7
ORibmsan_volume_controllerMatch7.7.1
ORibmsan_volume_controllerMatch7.8
ORibmsan_volume_controllerMatch7.8.1
ORibmsan_volume_controllerMatch8.1
ibmspectrum_virtualize_for_public_cloudMatch7.5
ORibmspectrum_virtualize_for_public_cloudMatch7.6
ORibmspectrum_virtualize_for_public_cloudMatch7.6.1
ORibmspectrum_virtualize_for_public_cloudMatch7.7
ORibmspectrum_virtualize_for_public_cloudMatch7.7.1
ORibmspectrum_virtualize_for_public_cloudMatch7.8
ORibmspectrum_virtualize_for_public_cloudMatch7.8.1
ORibmspectrum_virtualize_for_public_cloudMatch8.1
ORibmspectrum_virtualize_for_public_cloudMatch6.1
ORibmspectrum_virtualize_for_public_cloudMatch6.2
ORibmspectrum_virtualize_for_public_cloudMatch6.3
ORibmspectrum_virtualize_for_public_cloudMatch6.4
ORibmspectrum_virtualize_for_public_cloudMatch7.1
ORibmspectrum_virtualize_for_public_cloudMatch7.2
ORibmspectrum_virtualize_for_public_cloudMatch7.3
ORibmspectrum_virtualize_for_public_cloudMatch7.4
ORibmspectrum_virtualize_for_public_cloudMatch8.1.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | spectrum_virtualize_software | 7.5 | cpe:2.3:a:ibm:spectrum_virtualize_software:7.5:*:*:*:*:*:*:* |
| ibm | spectrum_virtualize_software | 7.6 | cpe:2.3:a:ibm:spectrum_virtualize_software:7.6:*:*:*:*:*:*:* |
| ibm | spectrum_virtualize_software | 7.6.1 | cpe:2.3:a:ibm:spectrum_virtualize_software:7.6.1:*:*:*:*:*:*:* |
| ibm | spectrum_virtualize_software | 7.7 | cpe:2.3:a:ibm:spectrum_virtualize_software:7.7:*:*:*:*:*:*:* |
| ibm | spectrum_virtualize_software | 7.7.1 | cpe:2.3:a:ibm:spectrum_virtualize_software:7.7.1:*:*:*:*:*:*:* |
| ibm | spectrum_virtualize_software | 7.8 | cpe:2.3:a:ibm:spectrum_virtualize_software:7.8:*:*:*:*:*:*:* |
| ibm | spectrum_virtualize_software | 7.8.1 | cpe:2.3:a:ibm:spectrum_virtualize_software:7.8.1:*:*:*:*:*:*:* |
| ibm | spectrum_virtualize_software | 8.1 | cpe:2.3:a:ibm:spectrum_virtualize_software:8.1:*:*:*:*:*:*:* |
| ibm | spectrum_virtualize_software | 6.1 | cpe:2.3:a:ibm:spectrum_virtualize_software:6.1:*:*:*:*:*:*:* |
| ibm | spectrum_virtualize_software | 6.2 | cpe:2.3:a:ibm:spectrum_virtualize_software:6.2:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Spectrum Virtualize Software",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "Storwize V5000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "Storwize V3500",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "Storwize V7000 (2076)",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "Storwize V3700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "FlashSystem V9000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "SAN Volume Controller",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
}
]
},
{
"product": "Spectrum Virtualize for Public Cloud",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
}
]Related
cvelist
cvelist
CVE-2018-1461
2018-05-14 00:00:00
prion
prion
Cross site scripting
2018-05-17 21:29:00
nvd
nvd
CVE-2018-1461
2018-05-17 21:29:00
ibm
ibm
packetstorm
packetstorm
zdt
zdt
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
42.7%
Related for CVE-2018-1461