CVSS: 5.3EPSS: 0%CPEs: 46EXPL: 0CVE-2018-1466 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1466
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397. Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) emplean algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 140397. Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. • http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 http://www.securityfocus.com/bid/104349 https://exchange.xforce.ibmcloud.com/vulnerabilities/140397 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 46EXPL: 0CVE-2018-1433 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1433
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473. En los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1), web handler /DownloadFile no requiere autenticación para leer archivos arbitrarios del sistema. IBM X-Force ID: 139473. Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. • http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 http://www.securityfocus.com/bid/104349 https://exchange.xforce.ibmcloud.com/vulnerabilities/139473 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 46EXPL: 0CVE-2018-1438 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1438
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566. En los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1), web handler /DLSnap podría permitir que un atacante no autenticado lea archivos arbitrarios del sistema. IBM X-Force ID: 139566. Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. • http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 http://www.securityfocus.com/bid/104349 https://exchange.xforce.ibmcloud.com/vulnerabilities/139566 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 46EXPL: 0CVE-2018-1462 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1462
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363. Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) podrían permitir que un usuario autenticado acceda a archivos del sistema a los que no debería tener acceso, incluyendo la eliminación de archivos o provocar una denegación de servicio (DoS). IBM X-Force ID: 140363. Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. • http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 http://www.securityfocus.com/bid/104349 https://exchange.xforce.ibmcloud.com/vulnerabilities/140363 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 46EXPL: 0CVE-2018-1434 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1434
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474. Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) son vulnerables a Cross-Site Request Forgery (CSRF), lo que podría permitir que un atacante ejecute acciones maliciosas no autorizadas transmitidas de un usuario en el que confía el sitio web. IBM X-Force ID: 139474. Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. • http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 http://www.securityfocus.com/bid/104349 https://exchange.xforce.ibmcloud.com/vulnerabilities/139474 • CWE-352: Cross-Site Request Forgery (CSRF) •