CVSS: 6.5EPSS: 0%CPEs: 46EXPL: 0CVE-2018-1463 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1463
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368. Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) podrían permitir que un usuario autenticado acceda a archivos del sistema a los que no debería tener acceso, algunos de los cuales podrían contener credenciales de cuenta. IBM X-Force ID: 140368. Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. • http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 http://www.securityfocus.com/bid/104349 https://exchange.xforce.ibmcloud.com/vulnerabilities/140368 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-1710
https://notcve.org/view.php?id=CVE-2017-1710
A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531. Una vulnerabilidad en el Service Assistant GUI en IBM Storwize V7000 (2076) 8.1 podría permitir que un atacante remoto realice un escalado de privilegios. IBM X-Force ID: 134531. • http://www.ibm.com/support/docview.wss?uid=ssg1S1010788 http://www.securityfocus.com/bid/101770 http://www.securitytracker.com/id/1039776 https://exchange.xforce.ibmcloud.com/vulnerabilities/134531 •