Code injection

2018-05-1721:29:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.8%

JSON

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.

CPENameOperatorVersion
san_volume_controller_firmwarege6.1.0.0
san_volume_controller_firmwarelt7.5.0.14
san_volume_controller_firmwarege7.7.0.0
san_volume_controller_firmwarelt7.7.1.9
san_volume_controller_firmwarege7.8.0.0
san_volume_controller_firmwarelt7.8.1.6
san_volume_controller_firmwarege8.1.1.0
san_volume_controller_firmwarelt8.1.1.2
san_volume_controller_firmwarege8.1.2.0
san_volume_controller_firmwarelt8.1.2.1

Name	Operator	Version
san_volume_controller_firmware	ge	6.1.0.0
san_volume_controller_firmware	lt	7.5.0.14
san_volume_controller_firmware	ge	7.7.0.0
san_volume_controller_firmware	lt	7.7.1.9
san_volume_controller_firmware	ge	7.8.0.0
san_volume_controller_firmware	lt	7.8.1.6
san_volume_controller_firmware	ge	8.1.1.0
san_volume_controller_firmware	lt	8.1.1.2
san_volume_controller_firmware	ge	8.1.2.0
san_volume_controller_firmware	lt	8.1.2.1