CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNVD•added 2018/05/18 12:0 a.m.•1 views

Cross-site scripting vulnerability in multiple IBM products (CNVD-2018-13181)

IBM SAN Volume Controller SVC, built with IBM Spectrum Storage software, is a reliable system that helps improve the data value, security and ease of use of new and existing storage infrastructures.The IBM Storwize product family provides all-flash, hybrid storage solutions with common features a...

5.4CVSS6.1AI score0.00307EPSS

CNVD•added 2018/05/18 12:0 a.m.•0 views

Cross-site request forgery vulnerability in multiple IBM products (CNVD-2018-13179)

8.8CVSS8.1AI score0.00142EPSS

CNVD•added 2018/05/18 12:0 a.m.•0 views

Multiple IBM Products Arbitrary File Read Vulnerability

7.5CVSS7.5AI score0.00292EPSS

CNVD•added 2018/05/18 12:0 a.m.•0 views

Information Disclosure Vulnerability in Multiple IBM Products (CNVD-2018-11111111)

6.5CVSS6.8AI score0.00251EPSS

CNVD•added 2018/05/18 12:0 a.m.•1 views

File Access Vulnerability in Multiple IBM Products (CNVD-2018-13180)

7.6CVSS7.4AI score0.00446EPSS

CNVD•added 2018/05/18 12:0 a.m.•2 views

Arbitrary File Read Vulnerability in Multiple IBM Products (CNVD-2018-13174)

7.5CVSS7.7AI score0.00215EPSS

Exploits3References1

CVE-2018-1464

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 could allow an authenticated user to obtain sensitive information that they should not have authorization t...

6.5CVSS5.8AI score

5.3CVSS5.8AI score0.00251EPSS

CVE-2018-1465

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 could allow an authenticated user to obtain the private key which could make intercepting GUI communication...

NVD•added 2018/05/17 9:29 p.m.•8 views

CVE-2018-1463

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 could allow an authenticated user to access system files they should not have access to some of which could...

6.5CVSS7.2AI score0.00165EPSS

OSV•added 2018/05/17 9:29 p.m.•1 views

CVE-2018-1466

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive...

5.3CVSS5.8AI score

CVE-2018-1463

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 could allow an authenticated user to access system files they should not have access to some of which could...

6.5CVSS5.8AI score

NVD•added 2018/05/17 9:29 p.m.•12 views

CVE-2018-1438

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM...

7.5CVSS7.8AI score0.00292EPSS

NVD•added 2018/05/17 9:29 p.m.•10 views

CVE-2018-1433

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM...

7.5CVSS7.9AI score0.00215EPSS

Exploits3References5

Prion•added 2018/05/17 9:29 p.m.•14 views

Cross site request forgery (csrf)

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...

6.8CVSS8.4AI score0.00142EPSS

Exploits2References5Affected Software8

CVE-2018-1462

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 could allow an authenticated user to access system files they should not have access to including deleting...

7.6CVSS5.8AI score

NVD•added 2018/05/17 9:29 p.m.•15 views

CVE-2018-1464

6.5CVSS7AI score0.00251EPSS

Prion•added 2018/05/17 9:29 p.m.•13 views

Authorization

4CVSS6.9AI score0.00251EPSS

Exploits2References5Affected Software8

NVD•added 2018/05/17 9:29 p.m.•7 views

CVE-2018-1462

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 could allow an authenticated user to access system files they should not have access to including deleting...

7.6CVSS7.8AI score0.00446EPSS