Search criteria
4 vulnerabilities found for FlashSystem 9100 Family by IBM
CVE-2021-29873 (GCVE-0-2021-29873)
Vulnerability from nvd – Published: 2021-10-21 16:40 – Updated: 2024-09-16 20:17
VLAI
Summary
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
Severity
CWE
- Gain Privileges
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6497111 | x_refsource_CONFIRM |
| https://www.ibm.com/support/pages/node/6507091 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | FlashSystem 900 |
Affected:
1.6.1.4
Affected: 1.5.2.10 |
|
| IBM | FlashSystem V9000 |
Affected:
7.8
Affected: 8.4 |
|
| IBM | Storwize V3500 |
Affected:
7.8
Affected: 8.4 |
|
| IBM | Storwize V5000 |
Affected:
7.8
Affected: 8.4 |
|
| IBM | Storwize V5100 |
Affected:
8.4
Affected: 7.8 |
|
| IBM | FlashSystem 9100 Family |
Affected:
8.4
Affected: 7.8 |
|
| IBM | Storwize V3700 |
Affected:
7.8
Affected: 8.4 |
|
| IBM | SAN Volume Controller |
Affected:
7.8
Affected: 8.4 |
|
| IBM | Storwize V7000 |
Affected:
8.4
Affected: 7.8 |
|
| IBM | Spectrum Virtualize Software |
Affected:
7.8
Affected: 8.4 |
|
| IBM | Spectrum Virtualize for Public Cloud |
Affected:
7.8
Affected: 8.4 |
Date Public
2021-10-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:03.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6497111"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6507091"
},
{
"name": "ibm-storwize-cve202129873-priv-escalation (206229)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlashSystem 900",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.6.1.4"
},
{
"status": "affected",
"version": "1.5.2.10"
}
]
},
{
"product": "FlashSystem V9000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "8.4"
}
]
},
{
"product": "Storwize V3500",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "8.4"
}
]
},
{
"product": "Storwize V5000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "8.4"
}
]
},
{
"product": "Storwize V5100",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.4"
},
{
"status": "affected",
"version": "7.8"
}
]
},
{
"product": "FlashSystem 9100 Family",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.4"
},
{
"status": "affected",
"version": "7.8"
}
]
},
{
"product": "Storwize V3700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "8.4"
}
]
},
{
"product": "SAN Volume Controller",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "8.4"
}
]
},
{
"product": "Storwize V7000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.4"
},
{
"status": "affected",
"version": "7.8"
}
]
},
{
"product": "Spectrum Virtualize Software",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "8.4"
}
]
},
{
"product": "Spectrum Virtualize for Public Cloud",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "8.4"
}
]
}
],
"datePublic": "2021-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AV:N/I:H/PR:L/C:H/S:U/UI:N/AC:L/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-21T16:40:13.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6497111"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6507091"
},
{
"name": "ibm-storwize-cve202129873-priv-escalation (206229)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-20T00:00:00",
"ID": "CVE-2021-29873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlashSystem 900",
"version": {
"version_data": [
{
"version_value": "1.6.1.4"
},
{
"version_value": "1.5.2.10"
}
]
}
},
{
"product_name": "FlashSystem V9000",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
},
{
"product_name": "Storwize V3500",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
},
{
"product_name": "Storwize V5000",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
},
{
"product_name": "Storwize V5100",
"version": {
"version_data": [
{
"version_value": "8.4"
},
{
"version_value": "7.8"
}
]
}
},
{
"product_name": "FlashSystem 9100 Family",
"version": {
"version_data": [
{
"version_value": "8.4"
},
{
"version_value": "7.8"
}
]
}
},
{
"product_name": "Storwize V3700",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
},
{
"product_name": "SAN Volume Controller",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
},
{
"product_name": "Storwize V7000",
"version": {
"version_data": [
{
"version_value": "8.4"
},
{
"version_value": "7.8"
}
]
}
},
{
"product_name": "Spectrum Virtualize Software",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
},
{
"product_name": "Spectrum Virtualize for Public Cloud",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6497111",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6497111 (SAN Volume Controller)",
"url": "https://www.ibm.com/support/pages/node/6497111"
},
{
"name": "https://www.ibm.com/support/pages/node/6507091",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6507091 (FlashSystem 900)",
"url": "https://www.ibm.com/support/pages/node/6507091"
},
{
"name": "ibm-storwize-cve202129873-priv-escalation (206229)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29873",
"datePublished": "2021-10-21T16:40:13.636Z",
"dateReserved": "2021-03-31T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:17:23.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1775 (GCVE-0-2018-1775)
Vulnerability from nvd – Published: 2019-02-27 22:00 – Updated: 2024-09-16 18:43
VLAI
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.
Severity
CWE
- Obtain Information
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/107187 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.ibm.com/support/docview.wss?uid=ibm10872486 | x_refsource_CONFIRM |
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | torwize V7000 |
Affected:
7.5
Affected: 8.2 |
|
| IBM | torwize V3500 |
Affected:
7.5
Affected: 8.2 |
|
| IBM | torwize V3700 |
Affected:
7.5
Affected: 8.2 |
|
| IBM | Spectrum Virtualize for Public Cloud |
Affected:
7.5
Affected: 8.2 |
|
| IBM | Spectrum Virtualize Software |
Affected:
7.5
Affected: 8.2 |
|
| IBM | SAN Volume Controller |
Affected:
7.5
Affected: 8.2 |
|
| IBM | FlashSystem V9000 |
Affected:
7.5
Affected: 8.2 |
|
| IBM | torwize V5000 |
Affected:
7.5
Affected: 8.2 |
|
| IBM | FlashSystem 9100 Family |
Affected:
7.5
Affected: 8.2 |
Date Public
2019-02-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107187",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107187"
},
{
"name": "ibm-storwize-cve20181775-file-download(148757)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "torwize V7000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
},
{
"product": "torwize V3500",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
},
{
"product": "torwize V3700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
},
{
"product": "Spectrum Virtualize for Public Cloud",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
},
{
"product": "Spectrum Virtualize Software",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
},
{
"product": "SAN Volume Controller",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
},
{
"product": "FlashSystem V9000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
},
{
"product": "torwize V5000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
},
{
"product": "FlashSystem 9100 Family",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
}
],
"datePublic": "2019-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "TEMPORARY_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:T",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-01T10:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "107187",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107187"
},
{
"name": "ibm-storwize-cve20181775-file-download(148757)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-02-25T00:00:00",
"ID": "CVE-2018-1775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "torwize V7000",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
},
{
"product_name": "torwize V3500",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
},
{
"product_name": "torwize V3700",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
},
{
"product_name": "Spectrum Virtualize for Public Cloud",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
},
{
"product_name": "Spectrum Virtualize Software",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
},
{
"product_name": "SAN Volume Controller",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
},
{
"product_name": "FlashSystem V9000",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
},
{
"product_name": "torwize V5000",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
},
{
"product_name": "FlashSystem 9100 Family",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "T"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107187"
},
{
"name": "ibm-storwize-cve20181775-file-download(148757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10872486",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1775",
"datePublished": "2019-02-27T22:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:43:43.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29873 (GCVE-0-2021-29873)
Vulnerability from cvelistv5 – Published: 2021-10-21 16:40 – Updated: 2024-09-16 20:17
VLAI
Summary
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
Severity
CWE
- Gain Privileges
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6497111 | x_refsource_CONFIRM |
| https://www.ibm.com/support/pages/node/6507091 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | FlashSystem 900 |
Affected:
1.6.1.4
Affected: 1.5.2.10 |
|
| IBM | FlashSystem V9000 |
Affected:
7.8
Affected: 8.4 |
|
| IBM | Storwize V3500 |
Affected:
7.8
Affected: 8.4 |
|
| IBM | Storwize V5000 |
Affected:
7.8
Affected: 8.4 |
|
| IBM | Storwize V5100 |
Affected:
8.4
Affected: 7.8 |
|
| IBM | FlashSystem 9100 Family |
Affected:
8.4
Affected: 7.8 |
|
| IBM | Storwize V3700 |
Affected:
7.8
Affected: 8.4 |
|
| IBM | SAN Volume Controller |
Affected:
7.8
Affected: 8.4 |
|
| IBM | Storwize V7000 |
Affected:
8.4
Affected: 7.8 |
|
| IBM | Spectrum Virtualize Software |
Affected:
7.8
Affected: 8.4 |
|
| IBM | Spectrum Virtualize for Public Cloud |
Affected:
7.8
Affected: 8.4 |
Date Public
2021-10-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:03.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6497111"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6507091"
},
{
"name": "ibm-storwize-cve202129873-priv-escalation (206229)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlashSystem 900",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.6.1.4"
},
{
"status": "affected",
"version": "1.5.2.10"
}
]
},
{
"product": "FlashSystem V9000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "8.4"
}
]
},
{
"product": "Storwize V3500",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "8.4"
}
]
},
{
"product": "Storwize V5000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "8.4"
}
]
},
{
"product": "Storwize V5100",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.4"
},
{
"status": "affected",
"version": "7.8"
}
]
},
{
"product": "FlashSystem 9100 Family",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.4"
},
{
"status": "affected",
"version": "7.8"
}
]
},
{
"product": "Storwize V3700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "8.4"
}
]
},
{
"product": "SAN Volume Controller",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "8.4"
}
]
},
{
"product": "Storwize V7000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.4"
},
{
"status": "affected",
"version": "7.8"
}
]
},
{
"product": "Spectrum Virtualize Software",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "8.4"
}
]
},
{
"product": "Spectrum Virtualize for Public Cloud",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.8"
},
{
"status": "affected",
"version": "8.4"
}
]
}
],
"datePublic": "2021-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AV:N/I:H/PR:L/C:H/S:U/UI:N/AC:L/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-21T16:40:13.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6497111"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6507091"
},
{
"name": "ibm-storwize-cve202129873-priv-escalation (206229)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-20T00:00:00",
"ID": "CVE-2021-29873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlashSystem 900",
"version": {
"version_data": [
{
"version_value": "1.6.1.4"
},
{
"version_value": "1.5.2.10"
}
]
}
},
{
"product_name": "FlashSystem V9000",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
},
{
"product_name": "Storwize V3500",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
},
{
"product_name": "Storwize V5000",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
},
{
"product_name": "Storwize V5100",
"version": {
"version_data": [
{
"version_value": "8.4"
},
{
"version_value": "7.8"
}
]
}
},
{
"product_name": "FlashSystem 9100 Family",
"version": {
"version_data": [
{
"version_value": "8.4"
},
{
"version_value": "7.8"
}
]
}
},
{
"product_name": "Storwize V3700",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
},
{
"product_name": "SAN Volume Controller",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
},
{
"product_name": "Storwize V7000",
"version": {
"version_data": [
{
"version_value": "8.4"
},
{
"version_value": "7.8"
}
]
}
},
{
"product_name": "Spectrum Virtualize Software",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
},
{
"product_name": "Spectrum Virtualize for Public Cloud",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6497111",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6497111 (SAN Volume Controller)",
"url": "https://www.ibm.com/support/pages/node/6497111"
},
{
"name": "https://www.ibm.com/support/pages/node/6507091",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6507091 (FlashSystem 900)",
"url": "https://www.ibm.com/support/pages/node/6507091"
},
{
"name": "ibm-storwize-cve202129873-priv-escalation (206229)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29873",
"datePublished": "2021-10-21T16:40:13.636Z",
"dateReserved": "2021-03-31T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:17:23.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1775 (GCVE-0-2018-1775)
Vulnerability from cvelistv5 – Published: 2019-02-27 22:00 – Updated: 2024-09-16 18:43
VLAI
Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.
Severity
CWE
- Obtain Information
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/107187 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.ibm.com/support/docview.wss?uid=ibm10872486 | x_refsource_CONFIRM |
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | torwize V7000 |
Affected:
7.5
Affected: 8.2 |
|
| IBM | torwize V3500 |
Affected:
7.5
Affected: 8.2 |
|
| IBM | torwize V3700 |
Affected:
7.5
Affected: 8.2 |
|
| IBM | Spectrum Virtualize for Public Cloud |
Affected:
7.5
Affected: 8.2 |
|
| IBM | Spectrum Virtualize Software |
Affected:
7.5
Affected: 8.2 |
|
| IBM | SAN Volume Controller |
Affected:
7.5
Affected: 8.2 |
|
| IBM | FlashSystem V9000 |
Affected:
7.5
Affected: 8.2 |
|
| IBM | torwize V5000 |
Affected:
7.5
Affected: 8.2 |
|
| IBM | FlashSystem 9100 Family |
Affected:
7.5
Affected: 8.2 |
Date Public
2019-02-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107187",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107187"
},
{
"name": "ibm-storwize-cve20181775-file-download(148757)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "torwize V7000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
},
{
"product": "torwize V3500",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
},
{
"product": "torwize V3700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
},
{
"product": "Spectrum Virtualize for Public Cloud",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
},
{
"product": "Spectrum Virtualize Software",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
},
{
"product": "SAN Volume Controller",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
},
{
"product": "FlashSystem V9000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
},
{
"product": "torwize V5000",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
},
{
"product": "FlashSystem 9100 Family",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "8.2"
}
]
}
],
"datePublic": "2019-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "TEMPORARY_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:T",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-01T10:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "107187",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107187"
},
{
"name": "ibm-storwize-cve20181775-file-download(148757)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-02-25T00:00:00",
"ID": "CVE-2018-1775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "torwize V7000",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
},
{
"product_name": "torwize V3500",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
},
{
"product_name": "torwize V3700",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
},
{
"product_name": "Spectrum Virtualize for Public Cloud",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
},
{
"product_name": "Spectrum Virtualize Software",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
},
{
"product_name": "SAN Volume Controller",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
},
{
"product_name": "FlashSystem V9000",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
},
{
"product_name": "torwize V5000",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
},
{
"product_name": "FlashSystem 9100 Family",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "T"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107187"
},
{
"name": "ibm-storwize-cve20181775-file-download(148757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10872486",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1775",
"datePublished": "2019-02-27T22:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:43:43.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}