CVE-2018-1463

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.ibm.com/support/docview.wss?uid=ssg1S1012263	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=ssg1S1012282	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=ssg1S1012283	Vendor Advisory
http://www.securityfocus.com/bid/104349	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/140368	VDB Entry Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=ssg1S1012263	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=ssg1S1012282	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=ssg1S1012283	Vendor Advisory
http://www.securityfocus.com/bid/104349	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/140368	VDB Entry Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:ibm:storwize_v7000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v7000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v7000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v7000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v7000_firmware::::::::

cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:ibm:storwize_v5000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v5000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v5000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v5000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v5000_firmware::::::::

cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:ibm:storwize_v3700_firmware::::::::
	cpe:2.3:o:ibm:storwize_v3700_firmware::::::::
	cpe:2.3:o:ibm:storwize_v3700_firmware::::::::
	cpe:2.3:o:ibm:storwize_v3700_firmware::::::::
	cpe:2.3:o:ibm:storwize_v3700_firmware::::::::

cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:ibm:storwize_v3500_firmware::::::::
	cpe:2.3:o:ibm:storwize_v3500_firmware::::::::
	cpe:2.3:o:ibm:storwize_v3500_firmware::::::::
	cpe:2.3:o:ibm:storwize_v3500_firmware::::::::
	cpe:2.3:o:ibm:storwize_v3500_firmware::::::::

cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:ibm:storwize_v9000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v9000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v9000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v9000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v9000_firmware::::::::

cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:ibm:san_volume_controller_firmware::::::::
	cpe:2.3:o:ibm:san_volume_controller_firmware::::::::
	cpe:2.3:o:ibm:san_volume_controller_firmware::::::::
	cpe:2.3:o:ibm:san_volume_controller_firmware::::::::
	cpe:2.3:o:ibm:san_volume_controller_firmware::::::::

cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*

Configuration 7 (hide)

OR	cpe:2.3:a:ibm:spectrum_virtualize::::::::
	cpe:2.3:a:ibm:spectrum_virtualize::::::::
	cpe:2.3:a:ibm:spectrum_virtualize::::::::
	cpe:2.3:a:ibm:spectrum_virtualize::::::::
	cpe:2.3:a:ibm:spectrum_virtualize::::::::

Configuration 8 (hide)

OR	cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud::::::::
	cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud::::::::
	cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud::::::::
	cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud::::::::
	cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud::::::::

History

21 Nov 2024, 03:59

Type	Values Removed	Values Added
References	~~() http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 - Vendor Advisory~~	() http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 - Vendor Advisory
References	~~() http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 - Vendor Advisory~~	() http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 - Vendor Advisory
References	~~() http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 - Vendor Advisory~~	() http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/104349 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/104349 - Third Party Advisory, VDB Entry
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/140368 - VDB Entry, Vendor Advisory~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/140368 - VDB Entry, Vendor Advisory

Information

Published : 2018-05-17 21:29

Updated : 2024-11-21 03:59

NVD link : CVE-2018-1463

Mitre link : CVE-2018-1463

CVE.ORG link : CVE-2018-1463

JSON object : View

Products Affected

ibm

spectrum_virtualize_for_public_cloud
storwize_v7000
storwize_v5000
storwize_v3700
storwize_v7000_firmware
storwize_v5000_firmware
storwize_v3500_firmware
storwize_v3500
san_volume_controller_firmware
spectrum_virtualize
san_volume_controller
storwize_v3700_firmware
storwize_v9000
storwize_v9000_firmware

CWE

CWE-863

Incorrect Authorization

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2018-1463

6.5^/10

4.0^/10

Attach tags to `CVE-2018-1463`