← Back

CVE-2018-1434

nvd nist
Published: May 17, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.

Affected (40)

Ibm
8 products
Storwize V7000 Firmware
Storwize V5000 Firmware
Storwize V3700 Firmware
Storwize V3500 Firmware
Storwize V9000 Firmware
San Volume Controller Firmware
Spectrum Virtualize
Spectrum Virtualize For Public Cloud
Configuration A
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ibm
Storwize V7000 Firmware
From 6.1.0.0 to 7.5.0.14
Storwize V7000 Firmware
From 7.7.0.0 to 7.7.1.9
Storwize V7000 Firmware
From 7.8.0.0 to 7.8.1.6
Storwize V7000 Firmware
From 8.1.1.0 to 8.1.1.2
Storwize V7000 Firmware
From 8.1.2.0 to 8.1.2.1
Running on/withPlatform Versions
Ibm
Storwize V7000
All versions
Configuration B
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ibm
Storwize V5000 Firmware
From 6.1.0.0 to 7.5.0.14
Storwize V5000 Firmware
From 7.7.0.0 to 7.7.1.9
Storwize V5000 Firmware
From 7.8.0.0 to 7.8.1.6
Storwize V5000 Firmware
From 8.1.1.0 to 8.1.1.2
Storwize V5000 Firmware
From 8.1.2.0 to 8.1.2.1
Running on/withPlatform Versions
Ibm
Storwize V5000
All versions
Configuration C
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ibm
Storwize V3700 Firmware
From 6.1.0.0 to 7.5.0.14
Storwize V3700 Firmware
From 7.7.0.0 to 7.7.1.9
Storwize V3700 Firmware
From 7.8.0.0 to 7.8.1.6
Storwize V3700 Firmware
From 8.1.1.0 to 8.1.1.2
Storwize V3700 Firmware
From 8.1.2.0 to 8.1.2.1
Running on/withPlatform Versions
Ibm
Storwize V3700
All versions
Configuration D
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ibm
Storwize V3500 Firmware
From 6.1.0.0 to 7.5.0.14
Storwize V3500 Firmware
From 7.7.0.0 to 7.7.1.9
Storwize V3500 Firmware
From 7.8.0.0 to 7.8.1.6
Storwize V3500 Firmware
From 8.1.1.0 to 8.1.1.2
Storwize V3500 Firmware
From 8.1.2.0 to 8.1.2.1
Running on/withPlatform Versions
Ibm
Storwize V3500
All versions
Configuration E
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ibm
Storwize V9000 Firmware
From 6.1.0.0 to 7.5.0.14
Storwize V9000 Firmware
From 7.7.0.0 to 7.7.1.9
Storwize V9000 Firmware
From 7.8.0.0 to 7.8.1.6
Storwize V9000 Firmware
From 8.1.1.0 to 8.1.1.2
Storwize V9000 Firmware
From 8.1.2.0 to 8.1.2.1
Running on/withPlatform Versions
Ibm
Storwize V9000
All versions
Configuration F
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ibm
San Volume Controller Firmware
From 6.1.0.0 to 7.5.0.14
San Volume Controller Firmware
From 7.7.0.0 to 7.7.1.9
San Volume Controller Firmware
From 7.8.0.0 to 7.8.1.6
San Volume Controller Firmware
From 8.1.1.0 to 8.1.1.2
San Volume Controller Firmware
From 8.1.2.0 to 8.1.2.1
Running on/withPlatform Versions
Ibm
San Volume Controller
All versions
Configuration G
5 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Spectrum Virtualize
From 6.1.0.0 to 7.5.0.14
Spectrum Virtualize
From 7.7.0.0 to 7.7.1.9
Spectrum Virtualize
From 7.8.0.0 to 7.8.1.6
Spectrum Virtualize
From 8.1.1.0 to 8.1.1.2
Spectrum Virtualize
From 8.1.2.0 to 8.1.2.1
Configuration H
5 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Spectrum Virtualize For Public Cloud
From 6.1.0.0 to 7.5.0.14
Spectrum Virtualize For Public Cloud
From 7.7.0.0 to 7.7.1.9
Spectrum Virtualize For Public Cloud
From 7.8.0.0 to 7.8.1.6
Spectrum Virtualize For Public Cloud
From 8.1.1.0 to 8.1.1.2
Spectrum Virtualize For Public Cloud
From 8.1.2.0 to 8.1.2.1

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (10)

Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
Third Party AdvisoryVDB Entry
Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory

Timeline

No history available yet.