Lucene search
IbmCVE-2018-1462HistoryMay 17, 2018 - 9:29 p.m.
CVE-2018-1462
2018-05-1721:29:00
CWE-863
ibm
web.nvd.nist.gov
42
ibm
san volume controller
storwize
spectrum virtualize
flashsystem
cve-2018-1462
security vulnerability
access control
file deletion
denial of service
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
7.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
AI Score
7.6
Confidence
High
EPSS
0.003
Percentile
68.1%
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.
Affected configurations
Node
ibmstorwize_v7000_firmwareRange6.1.0.0–7.5.0.14
ORibmstorwize_v7000_firmwareRange7.7.0.0–7.7.1.9
ORibmstorwize_v7000_firmwareRange7.8.0.0–7.8.1.6
ORibmstorwize_v7000_firmwareRange8.1.1.0–8.1.1.2
ORibmstorwize_v7000_firmwareRange8.1.2.0–8.1.2.1
ibmstorwize_v7000Match-
Node
ibmstorwize_v5000_firmwareRange6.1.0.0–7.5.0.14
ORibmstorwize_v5000_firmwareRange7.7.0.0–7.7.1.9
ORibmstorwize_v5000_firmwareRange7.8.0.0–7.8.1.6
ORibmstorwize_v5000_firmwareRange8.1.1.0–8.1.1.2
ORibmstorwize_v5000_firmwareRange8.1.2.0–8.1.2.1
ibmstorwize_v5000Match-
Node
ibmstorwize_v3700_firmwareRange6.1.0.0–7.5.0.14
ORibmstorwize_v3700_firmwareRange7.7.0.0–7.7.1.9
ORibmstorwize_v3700_firmwareRange7.8.0.0–7.8.1.6
ORibmstorwize_v3700_firmwareRange8.1.1.0–8.1.1.2
ORibmstorwize_v3700_firmwareRange8.1.2.0–8.1.2.1
ibmstorwize_v3700Match-
Node
ibmstorwize_v3500_firmwareRange6.1.0.0–7.5.0.14
ORibmstorwize_v3500_firmwareRange7.7.0.0–7.7.1.9
ORibmstorwize_v3500_firmwareRange7.8.0.0–7.8.1.6
ORibmstorwize_v3500_firmwareRange8.1.1.0–8.1.1.2
ORibmstorwize_v3500_firmwareRange8.1.2.0–8.1.2.1
ibmstorwize_v3500Match-
Node
ibmstorwize_v9000_firmwareRange6.1.0.0–7.5.0.14
ORibmstorwize_v9000_firmwareRange7.7.0.0–7.7.1.9
ORibmstorwize_v9000_firmwareRange7.8.0.0–7.8.1.6
ORibmstorwize_v9000_firmwareRange8.1.1.0–8.1.1.2
ORibmstorwize_v9000_firmwareRange8.1.2.0–8.1.2.1
ibmstorwize_v9000Match-
Node
ibmsan_volume_controller_firmwareRange6.1.0.0–7.5.0.14
ORibmsan_volume_controller_firmwareRange7.7.0.0–7.7.1.9
ORibmsan_volume_controller_firmwareRange7.8.0.0–7.8.1.6
ORibmsan_volume_controller_firmwareRange8.1.1.0–8.1.1.2
ORibmsan_volume_controller_firmwareRange8.1.2.0–8.1.2.1
ibmsan_volume_controllerMatch-
Node
ibmspectrum_virtualizeRange6.1.0.0–7.5.0.14
ORibmspectrum_virtualizeRange7.7.0.0–7.7.1.9
ORibmspectrum_virtualizeRange7.8.0.0–7.8.1.6
ORibmspectrum_virtualizeRange8.1.1.0–8.1.1.2
ORibmspectrum_virtualizeRange8.1.2.0–8.1.2.1
Node
ibmspectrum_virtualize_for_public_cloudRange6.1.0.0–7.5.0.14
ORibmspectrum_virtualize_for_public_cloudRange7.7.0.0–7.7.1.9
ORibmspectrum_virtualize_for_public_cloudRange7.8.0.0–7.8.1.6
ORibmspectrum_virtualize_for_public_cloudRange8.1.1.0–8.1.1.2
ORibmspectrum_virtualize_for_public_cloudRange8.1.2.0–8.1.2.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | storwize_v7000_firmware | * | cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:* |
| ibm | storwize_v7000 | - | cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:* |
| ibm | storwize_v5000_firmware | * | cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:* |
| ibm | storwize_v5000 | - | cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:* |
| ibm | storwize_v3700_firmware | * | cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:* |
| ibm | storwize_v3700 | - | cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:* |
| ibm | storwize_v3500_firmware | * | cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:* |
| ibm | storwize_v3500 | - | cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:* |
| ibm | storwize_v9000_firmware | * | cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:* |
| ibm | storwize_v9000 | - | cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Storwize V3700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "Spectrum Virtualize Software",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "SAN Volume Controller",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
}
]
},
{
"product": "Storwize V5000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "Storwize V7000 (2076)",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "FlashSystem V9000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "Storwize V3500",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
},
{
"product": "Spectrum Virtualize for Public Cloud",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.7"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "8.1.1"
}
]
}
]Related
prion
prion
Code injection
2018-05-17 21:29:00
cvelist
cvelist
CVE-2018-1462
2018-05-17 21:00:00
nvd
nvd
CVE-2018-1462
2018-05-17 21:29:00
ibm
ibm
packetstorm
packetstorm
zdt
zdt
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
7.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
AI Score
7.6
Confidence
High
EPSS
0.003
Percentile
68.1%
Related for CVE-2018-1462