CVE-2018-1595 - OpenCVE

IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Platform Symphony Spectrum Symphony

Configuration 1 [-]

OR	cpe:2.3:a:ibm:platform_symphony:6.1.1:::::::*
	cpe:2.3:a:ibm:platform_symphony:7.1.0:::::::*
	cpe:2.3:a:ibm:platform_symphony:7.1.1:::::::*
	cpe:2.3:a:ibm:spectrum_symphony:7.1.2:::::::*
	cpe:2.3:a:ibm:spectrum_symphony:7.2.0.2:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/104956
https://exchange.xforce.ibmcloud.com/vulnerabilities/143622
https://www.ibm.com/support/docview.wss?uid=isg3T1027819

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2018-08-01T17:00:00Z

Updated: 2024-09-16T20:38:05.362Z

Reserved: 2017-12-13T00:00:00

Link: CVE-2018-1595

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-08-01T17:29:00.503

Modified: 2019-10-09T23:38:42.477

Link: CVE-2018-1595

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Spectrum Symphony", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.2.0.2"}, {"status": "affected", "version": "7.1.2"}]}], "datePublic": "2018-07-23T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.7, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:N/C:H/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-04T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "104956", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104956"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/docview.wss?uid=isg3T1027819"}, {"name": "ibm-symphony-cve20181595-code-exec(143622)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143622"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-07-23T00:00:00", "ID": "CVE-2018-1595", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spectrum Symphony", "version": {"version_data": [{"version_value": "7.2.0.2"}, {"version_value": "7.1.2"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622."}]}, "impact": {"cvssv3": {"BM": {"A": "H", "AC": "L", "AV": "N", "C": "H", "I": "H", "PR": "L", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Access"}]}]}, "references": {"reference_data": [{"name": "104956", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104956"}, {"name": "https://www.ibm.com/support/docview.wss?uid=isg3T1027819", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=isg3T1027819"}, {"name": "ibm-symphony-cve20181595-code-exec(143622)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143622"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:07:43.993Z"}, "title": "CVE Program Container", "references": [{"name": "104956", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104956"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/docview.wss?uid=isg3T1027819"}, {"name": "ibm-symphony-cve20181595-code-exec(143622)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143622"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1595", "datePublished": "2018-08-01T17:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T20:38:05.362Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:platform_symphony:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "382B022D-9EEA-4A0A-87AC-D94ACCA1A177", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:platform_symphony:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "495837A4-A740-4BD9-BE23-4F092B7A8681", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:platform_symphony:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E5393B9-E99A-406F-9793-5048220805EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:spectrum_symphony:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA27E6AD-74E3-4DF3-A24D-D4C7BF73A739", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:spectrum_symphony:7.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "72D28E42-7AD1-4FE5-BE6E-76DD90D8DC67", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622."}, {"lang": "es", "value": "IBM Spectrum Symphony y Platform Symphony 7.1.2 y 7.2.0.2 podr\u00edan permitir que un usuario autenticado ejecute comandos arbitrarios debido al manejo incorrecto de entradas proporcionadas por el usuario. IBM X-Force ID: 143622."}], "id": "CVE-2018-1595", "lastModified": "2019-10-09T23:38:42.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2018-08-01T17:29:00.503", "references": [{"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104956"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143622"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/docview.wss?uid=isg3T1027819"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}