CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2021-29873
https://notcve.org/view.php?id=CVE-2021-29873
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229. IBM Flash System 900 podría permitir a un atacante autenticado conseguir información confidencial y causar una denegación de servicio debido a una vulnerabilidad de escape de shell restringido. IBM X-Force ID: 206229 • https://exchange.xforce.ibmcloud.com/vulnerabilities/206229 https://www.ibm.com/support/pages/node/6497111 https://www.ibm.com/support/pages/node/6507091 •
CVSS: 7.5EPSS: 0%CPEs: 46EXPL: 0CVE-2018-1433 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1433
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473. En los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1), web handler /DownloadFile no requiere autenticación para leer archivos arbitrarios del sistema. IBM X-Force ID: 139473. Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. • http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 http://www.securityfocus.com/bid/104349 https://exchange.xforce.ibmcloud.com/vulnerabilities/139473 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 46EXPL: 0CVE-2018-1438 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1438
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566. En los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1), web handler /DLSnap podría permitir que un atacante no autenticado lea archivos arbitrarios del sistema. IBM X-Force ID: 139566. Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. • http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 http://www.securityfocus.com/bid/104349 https://exchange.xforce.ibmcloud.com/vulnerabilities/139566 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 46EXPL: 0CVE-2018-1463 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1463
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368. Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) podrían permitir que un usuario autenticado acceda a archivos del sistema a los que no debería tener acceso, algunos de los cuales podrían contener credenciales de cuenta. IBM X-Force ID: 140368. Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. • http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 http://www.securityfocus.com/bid/104349 https://exchange.xforce.ibmcloud.com/vulnerabilities/140368 • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 46EXPL: 0CVE-2018-1465 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1465
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396. Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) podrían permitir que un usuario autenticado obtenga la clave privada que podría posibilitar la interceptación de comunicaciones en la interfaz gráfica de usuario. IBM X-Force ID: 140396. Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. • http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 http://www.securityfocus.com/bid/104349 https://exchange.xforce.ibmcloud.com/vulnerabilities/140396 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •