Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1775

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.

Published

2019-02-27T22:29:00.380

Last Modified

2024-11-21T04:00:20.820

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-200
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application ibm spectrum_virtualize_software ≤ 8.2 Yes
Hardware ibm flashsystem_v9000 - No
Hardware ibm flashsystem_v9100 - No
Hardware ibm san_volume_controller - No
Hardware ibm storwize_v3500 - No
Hardware ibm storwize_v3700 - No
Hardware ibm storwize_v5000 - No
Hardware ibm storwize_v7000 - No
Application ibm spectrum_virtualize_software_for_public_cloud ≤ 8.2 Yes
Hardware ibm flashsystem_v9000 - No
Hardware ibm flashsystem_v9100 - No
Hardware ibm san_volume_controller - No
Hardware ibm storwize_v3500 - No
Hardware ibm storwize_v3700 - No
Hardware ibm storwize_v5000 - No
Hardware ibm storwize_v7000 - No
References