Search
Find a vulnerability
Search criteria
6 vulnerabilities found for flashsystem_900_firmware by ibm
CVE-2020-4987 (GCVE-0-2020-4987)
Vulnerability from nvd – Published: 2021-05-04 15:45 – Updated: 2024-09-17 03:59
VLAI
Summary
The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity
CWE
- Cross-Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6449280 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | FlashSystem 900 |
Affected:
1.6.1.2
Affected: 1.5.2.8 |
Date Public
2021-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:07.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6449280"
},
{
"name": "ibm-flashsystem-cve20204987-xss (192702)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlashSystem 900",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.6.1.2"
},
{
"status": "affected",
"version": "1.5.2.8"
}
]
}
],
"datePublic": "2021-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 6.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/UI:N/S:C/AC:L/I:L/PR:L/AV:N/C:L/RL:O/RC:C/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-14T11:33:34.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6449280"
},
{
"name": "ibm-flashsystem-cve20204987-xss (192702)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192702"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-05-03T00:00:00",
"ID": "CVE-2020-4987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlashSystem 900",
"version": {
"version_data": [
{
"version_value": "1.6.1.2"
},
{
"version_value": "1.5.2.8"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "N"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6449280",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6449280 (FlashSystem 900)",
"url": "https://www.ibm.com/support/pages/node/6449280"
},
{
"name": "ibm-flashsystem-cve20204987-xss (192702)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192702"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4987",
"datePublished": "2021-05-04T15:45:14.502Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:59:23.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1822 (GCVE-0-2018-1822)
Vulnerability from nvd – Published: 2018-10-18 16:00 – Updated: 2025-02-13 16:27
VLAI
Summary
IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.
Severity
9.8 (Critical)
CWE
- Bypass Security
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.ibm.com/support/docview.wss?uid=ibm10732962 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | FlashSystem 900 |
Date Public
2018-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-flashsystem-cve20181822-sec-bypass(150296)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150296"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10732962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "FlashSystem 900",
"vendor": "IBM"
}
],
"datePublic": "2018-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:L/AV:N/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass Security",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T03:01:03.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-flashsystem-cve20181822-sec-bypass(150296)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150296"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10732962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-10-02T00:00:00",
"ID": "CVE-2018-1822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlashSystem 900",
"version": {
"version_data": [
{
"version_value": "900"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-flashsystem-cve20181822-sec-bypass(150296)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150296"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10732962",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10732962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1822",
"datePublished": "2018-10-18T16:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:18.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1495 (GCVE-0-2018-1495)
Vulnerability from nvd – Published: 2018-05-29 17:00 – Updated: 2025-02-13 16:27
VLAI
Summary
IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148.
Severity
CWE
- Denial of Service
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012281 | x_refsource_CONFIRM |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012280 | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | FlashSystem V900 | ||
| IBM | FlashSystem V840 |
Date Public
2018-05-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-flashsystem-cve20181495-dos(141148)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141148"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "FlashSystem V900",
"vendor": "IBM"
},
{
"defaultStatus": "affected",
"product": "FlashSystem V840",
"vendor": "IBM"
}
],
"datePublic": "2018-05-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:L/AV:N/C:N/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T03:01:03.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-flashsystem-cve20181495-dos(141148)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141148"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-05-11T00:00:00",
"ID": "CVE-2018-1495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlashSystem V900",
"version": {
"version_data": [
{
"version_value": "V900"
}
]
}
},
{
"product_name": "FlashSystem V840",
"version": {
"version_data": [
{
"version_value": "V840"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-flashsystem-cve20181495-dos(141148)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141148"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1495",
"datePublished": "2018-05-29T17:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:16.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4987 (GCVE-0-2020-4987)
Vulnerability from cvelistv5 – Published: 2021-05-04 15:45 – Updated: 2024-09-17 03:59
VLAI
Summary
The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity
CWE
- Cross-Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6449280 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | FlashSystem 900 |
Affected:
1.6.1.2
Affected: 1.5.2.8 |
Date Public
2021-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:07.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6449280"
},
{
"name": "ibm-flashsystem-cve20204987-xss (192702)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlashSystem 900",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.6.1.2"
},
{
"status": "affected",
"version": "1.5.2.8"
}
]
}
],
"datePublic": "2021-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 6.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/UI:N/S:C/AC:L/I:L/PR:L/AV:N/C:L/RL:O/RC:C/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-14T11:33:34.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6449280"
},
{
"name": "ibm-flashsystem-cve20204987-xss (192702)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192702"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-05-03T00:00:00",
"ID": "CVE-2020-4987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlashSystem 900",
"version": {
"version_data": [
{
"version_value": "1.6.1.2"
},
{
"version_value": "1.5.2.8"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "N"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6449280",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6449280 (FlashSystem 900)",
"url": "https://www.ibm.com/support/pages/node/6449280"
},
{
"name": "ibm-flashsystem-cve20204987-xss (192702)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192702"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4987",
"datePublished": "2021-05-04T15:45:14.502Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:59:23.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1822 (GCVE-0-2018-1822)
Vulnerability from cvelistv5 – Published: 2018-10-18 16:00 – Updated: 2025-02-13 16:27
VLAI
Summary
IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.
Severity
9.8 (Critical)
CWE
- Bypass Security
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.ibm.com/support/docview.wss?uid=ibm10732962 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | FlashSystem 900 |
Date Public
2018-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-flashsystem-cve20181822-sec-bypass(150296)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150296"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10732962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "FlashSystem 900",
"vendor": "IBM"
}
],
"datePublic": "2018-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:L/AV:N/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass Security",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T03:01:03.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-flashsystem-cve20181822-sec-bypass(150296)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150296"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10732962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-10-02T00:00:00",
"ID": "CVE-2018-1822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlashSystem 900",
"version": {
"version_data": [
{
"version_value": "900"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-flashsystem-cve20181822-sec-bypass(150296)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150296"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10732962",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10732962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1822",
"datePublished": "2018-10-18T16:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:18.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1495 (GCVE-0-2018-1495)
Vulnerability from cvelistv5 – Published: 2018-05-29 17:00 – Updated: 2025-02-13 16:27
VLAI
Summary
IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148.
Severity
CWE
- Denial of Service
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012281 | x_refsource_CONFIRM |
| http://www.ibm.com/support/docview.wss?uid=ssg1S1012280 | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | FlashSystem V900 | ||
| IBM | FlashSystem V840 |
Date Public
2018-05-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-flashsystem-cve20181495-dos(141148)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141148"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "FlashSystem V900",
"vendor": "IBM"
},
{
"defaultStatus": "affected",
"product": "FlashSystem V840",
"vendor": "IBM"
}
],
"datePublic": "2018-05-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:L/AV:N/C:N/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T03:01:03.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-flashsystem-cve20181495-dos(141148)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141148"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-05-11T00:00:00",
"ID": "CVE-2018-1495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlashSystem V900",
"version": {
"version_data": [
{
"version_value": "V900"
}
]
}
},
{
"product_name": "FlashSystem V840",
"version": {
"version_data": [
{
"version_value": "V840"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-flashsystem-cve20181495-dos(141148)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141148"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1495",
"datePublished": "2018-05-29T17:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:16.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}