| Vulnerability Name: | CVE-2018-1775 (CCN-148757) | ||||||||||||
| Assigned: | 2017-12-13 | ||||||||||||
| Published: | 2019-02-25 | ||||||||||||
| Updated: | 2019-10-09 | ||||||||||||
| Summary: | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757. | ||||||||||||
| CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) 5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:T/RC:C)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:T/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-200 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-1775 Source: CCN Type: IBM Security Bulletin 881207 (FlashSystem 840) A vulnerability affects the IBM FlashSystem 840 and 900 Source: BID Type: Third Party Advisory, VDB Entry 107187 Source: XF Type: UNKNOWN ibm-storwize-cve20181775-file-download(148757) Source: XF Type: VDB Entry, Vendor Advisory ibm-storwize-cve20181775-file-download(148757) Source: CCN Type: IBM Security Bulletin 872486 (SAN Volume Controller) Vulnerability in Service Assistant affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-1775) Source: CONFIRM Type: Vendor Advisory https://www.ibm.com/support/docview.wss?uid=ibm10872486 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||