Vulnerabilities > CVE-2018-1462 - Incorrect Authorization vulnerability in IBM products
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
HIGH Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/147601/ibmflashsystemstorwize-filereadxsrf.txt |
id | PACKETSTORM:147601 |
last seen | 2018-05-15 |
published | 2018-05-14 |
reporter | Jan Bee |
source | https://packetstormsecurity.com/files/147601/IBM-Flashsystem-Storwize-CSRF-Arbitrary-File-Read-Information-Disclosure.html |
title | IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure |
References
- http://www.ibm.com/support/docview.wss?uid=ssg1S1012263
- http://www.ibm.com/support/docview.wss?uid=ssg1S1012263
- http://www.ibm.com/support/docview.wss?uid=ssg1S1012282
- http://www.ibm.com/support/docview.wss?uid=ssg1S1012282
- http://www.ibm.com/support/docview.wss?uid=ssg1S1012283
- http://www.ibm.com/support/docview.wss?uid=ssg1S1012283
- http://www.securityfocus.com/bid/104349
- http://www.securityfocus.com/bid/104349
- https://exchange.xforce.ibmcloud.com/vulnerabilities/140363
- https://exchange.xforce.ibmcloud.com/vulnerabilities/140363