CVE-2018-1434

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*

Configuration 8 (hide)

OR cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:59

Type Values Removed Values Added
References () http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 - Vendor Advisory () http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 - Vendor Advisory
References () http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 - Vendor Advisory () http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 - Vendor Advisory
References () http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 - Vendor Advisory () http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 - Vendor Advisory
References () http://www.securityfocus.com/bid/104349 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/104349 - Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/139474 - VDB Entry, Vendor Advisory () https://exchange.xforce.ibmcloud.com/vulnerabilities/139474 - VDB Entry, Vendor Advisory

Information

Published : 2018-05-17 21:29

Updated : 2024-11-21 03:59


NVD link : CVE-2018-1434

Mitre link : CVE-2018-1434

CVE.ORG link : CVE-2018-1434


JSON object : View

Products Affected

ibm

  • spectrum_virtualize_for_public_cloud
  • storwize_v7000
  • storwize_v5000
  • storwize_v3700
  • storwize_v7000_firmware
  • storwize_v5000_firmware
  • storwize_v3500_firmware
  • storwize_v3500
  • san_volume_controller_firmware
  • spectrum_virtualize
  • san_volume_controller
  • storwize_v3700_firmware
  • storwize_v9000
  • storwize_v9000_firmware
CWE
CWE-352

Cross-Site Request Forgery (CSRF)