CVE-2018-1775 - OpenCVE

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Flashsystem V9000 Flashsystem V9100 San Volume Controller Spectrum Virtualize Software Spectrum Virtualize Software For Public Cloud Storwize V3500 Storwize V3700 Storwize V5000 Storwize V7000

Configuration 1 [-]

AND

cpe:2.3:a:ibm:spectrum_virtualize_software:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:ibm:flashsystem_v9000:-:::::::*
	cpe:2.3:h:ibm:flashsystem_v9100:-:::::::*
	cpe:2.3:h:ibm:san_volume_controller:-:::::::*
	cpe:2.3:h:ibm:storwize_v3500:-:::::::*
	cpe:2.3:h:ibm:storwize_v3700:-:::::::*
	cpe:2.3:h:ibm:storwize_v5000:-:::::::*
	cpe:2.3:h:ibm:storwize_v7000:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:a:ibm:spectrum_virtualize_software_for_public_cloud:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:ibm:flashsystem_v9000:-:::::::*
	cpe:2.3:h:ibm:flashsystem_v9100:-:::::::*
	cpe:2.3:h:ibm:san_volume_controller:-:::::::*
	cpe:2.3:h:ibm:storwize_v3500:-:::::::*
	cpe:2.3:h:ibm:storwize_v3700:-:::::::*
	cpe:2.3:h:ibm:storwize_v5000:-:::::::*
	cpe:2.3:h:ibm:storwize_v7000:-:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/107187
https://exchange.xforce.ibmcloud.com/vulnerabilities/148757
https://www.ibm.com/support/docview.wss?uid=ibm10872486

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2019-02-27T22:00:00Z

Updated: 2024-09-16T18:43:43.401Z

Reserved: 2017-12-13T00:00:00

Link: CVE-2018-1775

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-02-27T22:29:00.380

Modified: 2019-10-09T23:39:03.773

Link: CVE-2018-1775

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object