// For flags

CVE-2018-1433

IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.

En los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1), web handler /DownloadFile no requiere autenticación para leer archivos arbitrarios del sistema. IBM X-Force ID: 139473.

Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. They include cross site request forgery, arbitrary file read, unauthenticated access, and various other vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-12-13 CVE Reserved
  • 2018-05-14 CVE Published
  • 2023-11-17 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ibm
Search vendor "Ibm"
Storwize V7000 Firmware
Search vendor "Ibm" for product "Storwize V7000 Firmware"
>= 6.1.0.0 < 7.5.0.14
Search vendor "Ibm" for product "Storwize V7000 Firmware" and version " >= 6.1.0.0 < 7.5.0.14"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V7000
Search vendor "Ibm" for product "Storwize V7000"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V7000 Firmware
Search vendor "Ibm" for product "Storwize V7000 Firmware"
>= 7.7.0.0 < 7.7.1.9
Search vendor "Ibm" for product "Storwize V7000 Firmware" and version " >= 7.7.0.0 < 7.7.1.9"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V7000
Search vendor "Ibm" for product "Storwize V7000"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V7000 Firmware
Search vendor "Ibm" for product "Storwize V7000 Firmware"
>= 7.8.0.0 < 7.8.1.6
Search vendor "Ibm" for product "Storwize V7000 Firmware" and version " >= 7.8.0.0 < 7.8.1.6"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V7000
Search vendor "Ibm" for product "Storwize V7000"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V7000 Firmware
Search vendor "Ibm" for product "Storwize V7000 Firmware"
>= 8.1.1.0 < 8.1.1.2
Search vendor "Ibm" for product "Storwize V7000 Firmware" and version " >= 8.1.1.0 < 8.1.1.2"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V7000
Search vendor "Ibm" for product "Storwize V7000"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V7000 Firmware
Search vendor "Ibm" for product "Storwize V7000 Firmware"
>= 8.1.2.0 < 8.1.2.1
Search vendor "Ibm" for product "Storwize V7000 Firmware" and version " >= 8.1.2.0 < 8.1.2.1"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V7000
Search vendor "Ibm" for product "Storwize V7000"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V5000 Firmware
Search vendor "Ibm" for product "Storwize V5000 Firmware"
>= 6.1.0.0 < 7.5.0.14
Search vendor "Ibm" for product "Storwize V5000 Firmware" and version " >= 6.1.0.0 < 7.5.0.14"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V5000
Search vendor "Ibm" for product "Storwize V5000"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V5000 Firmware
Search vendor "Ibm" for product "Storwize V5000 Firmware"
>= 7.7.0.0 < 7.7.1.9
Search vendor "Ibm" for product "Storwize V5000 Firmware" and version " >= 7.7.0.0 < 7.7.1.9"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V5000
Search vendor "Ibm" for product "Storwize V5000"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V5000 Firmware
Search vendor "Ibm" for product "Storwize V5000 Firmware"
>= 7.8.0.0 < 7.8.1.6
Search vendor "Ibm" for product "Storwize V5000 Firmware" and version " >= 7.8.0.0 < 7.8.1.6"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V5000
Search vendor "Ibm" for product "Storwize V5000"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V5000 Firmware
Search vendor "Ibm" for product "Storwize V5000 Firmware"
>= 8.1.1.0 < 8.1.1.2
Search vendor "Ibm" for product "Storwize V5000 Firmware" and version " >= 8.1.1.0 < 8.1.1.2"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V5000
Search vendor "Ibm" for product "Storwize V5000"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V5000 Firmware
Search vendor "Ibm" for product "Storwize V5000 Firmware"
>= 8.1.2.0 < 8.1.2.1
Search vendor "Ibm" for product "Storwize V5000 Firmware" and version " >= 8.1.2.0 < 8.1.2.1"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V5000
Search vendor "Ibm" for product "Storwize V5000"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V3700 Firmware
Search vendor "Ibm" for product "Storwize V3700 Firmware"
>= 6.1.0.0 < 7.5.0.14
Search vendor "Ibm" for product "Storwize V3700 Firmware" and version " >= 6.1.0.0 < 7.5.0.14"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V3700
Search vendor "Ibm" for product "Storwize V3700"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V3700 Firmware
Search vendor "Ibm" for product "Storwize V3700 Firmware"
>= 7.7.0.0 < 7.7.1.9
Search vendor "Ibm" for product "Storwize V3700 Firmware" and version " >= 7.7.0.0 < 7.7.1.9"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V3700
Search vendor "Ibm" for product "Storwize V3700"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V3700 Firmware
Search vendor "Ibm" for product "Storwize V3700 Firmware"
>= 7.8.0.0 < 7.8.1.6
Search vendor "Ibm" for product "Storwize V3700 Firmware" and version " >= 7.8.0.0 < 7.8.1.6"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V3700
Search vendor "Ibm" for product "Storwize V3700"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V3700 Firmware
Search vendor "Ibm" for product "Storwize V3700 Firmware"
>= 8.1.1.0 < 8.1.1.2
Search vendor "Ibm" for product "Storwize V3700 Firmware" and version " >= 8.1.1.0 < 8.1.1.2"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V3700
Search vendor "Ibm" for product "Storwize V3700"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V3700 Firmware
Search vendor "Ibm" for product "Storwize V3700 Firmware"
>= 8.1.2.0 < 8.1.2.1
Search vendor "Ibm" for product "Storwize V3700 Firmware" and version " >= 8.1.2.0 < 8.1.2.1"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V3700
Search vendor "Ibm" for product "Storwize V3700"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V3500 Firmware
Search vendor "Ibm" for product "Storwize V3500 Firmware"
>= 6.1.0.0 < 7.5.0.14
Search vendor "Ibm" for product "Storwize V3500 Firmware" and version " >= 6.1.0.0 < 7.5.0.14"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V3500
Search vendor "Ibm" for product "Storwize V3500"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V3500 Firmware
Search vendor "Ibm" for product "Storwize V3500 Firmware"
>= 7.7.0.0 < 7.7.1.9
Search vendor "Ibm" for product "Storwize V3500 Firmware" and version " >= 7.7.0.0 < 7.7.1.9"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V3500
Search vendor "Ibm" for product "Storwize V3500"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V3500 Firmware
Search vendor "Ibm" for product "Storwize V3500 Firmware"
>= 7.8.0.0 < 7.8.1.6
Search vendor "Ibm" for product "Storwize V3500 Firmware" and version " >= 7.8.0.0 < 7.8.1.6"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V3500
Search vendor "Ibm" for product "Storwize V3500"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V3500 Firmware
Search vendor "Ibm" for product "Storwize V3500 Firmware"
>= 8.1.1.0 < 8.1.1.2
Search vendor "Ibm" for product "Storwize V3500 Firmware" and version " >= 8.1.1.0 < 8.1.1.2"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V3500
Search vendor "Ibm" for product "Storwize V3500"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V3500 Firmware
Search vendor "Ibm" for product "Storwize V3500 Firmware"
>= 8.1.2.0 < 8.1.2.1
Search vendor "Ibm" for product "Storwize V3500 Firmware" and version " >= 8.1.2.0 < 8.1.2.1"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V3500
Search vendor "Ibm" for product "Storwize V3500"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V9000 Firmware
Search vendor "Ibm" for product "Storwize V9000 Firmware"
>= 6.1.0.0 < 7.5.0.14
Search vendor "Ibm" for product "Storwize V9000 Firmware" and version " >= 6.1.0.0 < 7.5.0.14"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V9000
Search vendor "Ibm" for product "Storwize V9000"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V9000 Firmware
Search vendor "Ibm" for product "Storwize V9000 Firmware"
>= 7.7.0.0 < 7.7.1.9
Search vendor "Ibm" for product "Storwize V9000 Firmware" and version " >= 7.7.0.0 < 7.7.1.9"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V9000
Search vendor "Ibm" for product "Storwize V9000"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V9000 Firmware
Search vendor "Ibm" for product "Storwize V9000 Firmware"
>= 7.8.0.0 < 7.8.1.6
Search vendor "Ibm" for product "Storwize V9000 Firmware" and version " >= 7.8.0.0 < 7.8.1.6"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V9000
Search vendor "Ibm" for product "Storwize V9000"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V9000 Firmware
Search vendor "Ibm" for product "Storwize V9000 Firmware"
>= 8.1.1.0 < 8.1.1.2
Search vendor "Ibm" for product "Storwize V9000 Firmware" and version " >= 8.1.1.0 < 8.1.1.2"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V9000
Search vendor "Ibm" for product "Storwize V9000"
--
Safe
Ibm
Search vendor "Ibm"
Storwize V9000 Firmware
Search vendor "Ibm" for product "Storwize V9000 Firmware"
>= 8.1.2.0 < 8.1.2.1
Search vendor "Ibm" for product "Storwize V9000 Firmware" and version " >= 8.1.2.0 < 8.1.2.1"
-
Affected
in Ibm
Search vendor "Ibm"
Storwize V9000
Search vendor "Ibm" for product "Storwize V9000"
--
Safe
Ibm
Search vendor "Ibm"
San Volume Controller Firmware
Search vendor "Ibm" for product "San Volume Controller Firmware"
>= 6.1.0.0 < 7.5.0.14
Search vendor "Ibm" for product "San Volume Controller Firmware" and version " >= 6.1.0.0 < 7.5.0.14"
-
Affected
in Ibm
Search vendor "Ibm"
San Volume Controller
Search vendor "Ibm" for product "San Volume Controller"
--
Safe
Ibm
Search vendor "Ibm"
San Volume Controller Firmware
Search vendor "Ibm" for product "San Volume Controller Firmware"
>= 7.7.0.0 < 7.7.1.9
Search vendor "Ibm" for product "San Volume Controller Firmware" and version " >= 7.7.0.0 < 7.7.1.9"
-
Affected
in Ibm
Search vendor "Ibm"
San Volume Controller
Search vendor "Ibm" for product "San Volume Controller"
--
Safe
Ibm
Search vendor "Ibm"
San Volume Controller Firmware
Search vendor "Ibm" for product "San Volume Controller Firmware"
>= 7.8.0.0 < 7.8.1.6
Search vendor "Ibm" for product "San Volume Controller Firmware" and version " >= 7.8.0.0 < 7.8.1.6"
-
Affected
in Ibm
Search vendor "Ibm"
San Volume Controller
Search vendor "Ibm" for product "San Volume Controller"
--
Safe
Ibm
Search vendor "Ibm"
San Volume Controller Firmware
Search vendor "Ibm" for product "San Volume Controller Firmware"
>= 8.1.1.0 < 8.1.1.2
Search vendor "Ibm" for product "San Volume Controller Firmware" and version " >= 8.1.1.0 < 8.1.1.2"
-
Affected
in Ibm
Search vendor "Ibm"
San Volume Controller
Search vendor "Ibm" for product "San Volume Controller"
--
Safe
Ibm
Search vendor "Ibm"
San Volume Controller Firmware
Search vendor "Ibm" for product "San Volume Controller Firmware"
>= 8.1.2.0 < 8.1.2.1
Search vendor "Ibm" for product "San Volume Controller Firmware" and version " >= 8.1.2.0 < 8.1.2.1"
-
Affected
in Ibm
Search vendor "Ibm"
San Volume Controller
Search vendor "Ibm" for product "San Volume Controller"
--
Safe
Ibm
Search vendor "Ibm"
Spectrum Virtualize
Search vendor "Ibm" for product "Spectrum Virtualize"
>= 6.1.0.0 < 7.5.0.14
Search vendor "Ibm" for product "Spectrum Virtualize" and version " >= 6.1.0.0 < 7.5.0.14"
-
Affected
Ibm
Search vendor "Ibm"
Spectrum Virtualize
Search vendor "Ibm" for product "Spectrum Virtualize"
>= 7.7.0.0 < 7.7.1.9
Search vendor "Ibm" for product "Spectrum Virtualize" and version " >= 7.7.0.0 < 7.7.1.9"
-
Affected
Ibm
Search vendor "Ibm"
Spectrum Virtualize
Search vendor "Ibm" for product "Spectrum Virtualize"
>= 7.8.0.0 < 7.8.1.6
Search vendor "Ibm" for product "Spectrum Virtualize" and version " >= 7.8.0.0 < 7.8.1.6"
-
Affected
Ibm
Search vendor "Ibm"
Spectrum Virtualize
Search vendor "Ibm" for product "Spectrum Virtualize"
>= 8.1.1.0 < 8.1.1.2
Search vendor "Ibm" for product "Spectrum Virtualize" and version " >= 8.1.1.0 < 8.1.1.2"
-
Affected
Ibm
Search vendor "Ibm"
Spectrum Virtualize
Search vendor "Ibm" for product "Spectrum Virtualize"
>= 8.1.2.0 < 8.1.2.1
Search vendor "Ibm" for product "Spectrum Virtualize" and version " >= 8.1.2.0 < 8.1.2.1"
-
Affected
Ibm
Search vendor "Ibm"
Spectrum Virtualize For Public Cloud
Search vendor "Ibm" for product "Spectrum Virtualize For Public Cloud"
>= 6.1.0.0 < 7.5.0.14
Search vendor "Ibm" for product "Spectrum Virtualize For Public Cloud" and version " >= 6.1.0.0 < 7.5.0.14"
-
Affected
Ibm
Search vendor "Ibm"
Spectrum Virtualize For Public Cloud
Search vendor "Ibm" for product "Spectrum Virtualize For Public Cloud"
>= 7.7.0.0 < 7.7.1.9
Search vendor "Ibm" for product "Spectrum Virtualize For Public Cloud" and version " >= 7.7.0.0 < 7.7.1.9"
-
Affected
Ibm
Search vendor "Ibm"
Spectrum Virtualize For Public Cloud
Search vendor "Ibm" for product "Spectrum Virtualize For Public Cloud"
>= 7.8.0.0 < 7.8.1.6
Search vendor "Ibm" for product "Spectrum Virtualize For Public Cloud" and version " >= 7.8.0.0 < 7.8.1.6"
-
Affected
Ibm
Search vendor "Ibm"
Spectrum Virtualize For Public Cloud
Search vendor "Ibm" for product "Spectrum Virtualize For Public Cloud"
>= 8.1.1.0 < 8.1.1.2
Search vendor "Ibm" for product "Spectrum Virtualize For Public Cloud" and version " >= 8.1.1.0 < 8.1.1.2"
-
Affected
Ibm
Search vendor "Ibm"
Spectrum Virtualize For Public Cloud
Search vendor "Ibm" for product "Spectrum Virtualize For Public Cloud"
>= 8.1.2.0 < 8.1.2.1
Search vendor "Ibm" for product "Spectrum Virtualize For Public Cloud" and version " >= 8.1.2.0 < 8.1.2.1"
-
Affected