CVE-2018-1461

Published: May 17, 2018Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.

Affected (40)

Products: Ibm: Storwize V7000 Firmware, Storwize V5000 Firmware, Storwize V3700 Firmware, Storwize V3500 Firmware, Storwize V9000 Firmware, San Volume Controller Firmware, Spectrum Virtualize, Spectrum Virtualize For Public Cloud

Ibm

8 products

Storwize V7000 Firmware

Storwize V5000 Firmware

Storwize V3700 Firmware

Storwize V3500 Firmware

Storwize V9000 Firmware

San Volume Controller Firmware

Spectrum Virtualize

Spectrum Virtualize For Public Cloud

Configuration A

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Storwize V7000 Firmware	From 6.1.0.0 to 7.5.0.14
Ibm Storwize V7000 Firmware	From 7.7.0.0 to 7.7.1.9
Ibm Storwize V7000 Firmware	From 7.8.0.0 to 7.8.1.6
Ibm Storwize V7000 Firmware	From 8.1.1.0 to 8.1.1.2
Ibm Storwize V7000 Firmware	From 8.1.2.0 to 8.1.2.1

Running on/with	Platform Versions
Ibm Storwize V7000	All versions

Configuration B

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Storwize V5000 Firmware	From 6.1.0.0 to 7.5.0.14
Ibm Storwize V5000 Firmware	From 7.7.0.0 to 7.7.1.9
Ibm Storwize V5000 Firmware	From 7.8.0.0 to 7.8.1.6
Ibm Storwize V5000 Firmware	From 8.1.1.0 to 8.1.1.2
Ibm Storwize V5000 Firmware	From 8.1.2.0 to 8.1.2.1

Running on/with	Platform Versions
Ibm Storwize V5000	All versions

Configuration C

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Storwize V3700 Firmware	From 6.1.0.0 to 7.5.0.14
Ibm Storwize V3700 Firmware	From 7.7.0.0 to 7.7.1.9
Ibm Storwize V3700 Firmware	From 7.8.0.0 to 7.8.1.6
Ibm Storwize V3700 Firmware	From 8.1.1.0 to 8.1.1.2
Ibm Storwize V3700 Firmware	From 8.1.2.0 to 8.1.2.1

Running on/with	Platform Versions
Ibm Storwize V3700	All versions

Configuration D

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Storwize V3500 Firmware	From 6.1.0.0 to 7.5.0.14
Ibm Storwize V3500 Firmware	From 7.7.0.0 to 7.7.1.9
Ibm Storwize V3500 Firmware	From 7.8.0.0 to 7.8.1.6
Ibm Storwize V3500 Firmware	From 8.1.1.0 to 8.1.1.2
Ibm Storwize V3500 Firmware	From 8.1.2.0 to 8.1.2.1

Running on/with	Platform Versions
Ibm Storwize V3500	All versions

Configuration E

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Storwize V9000 Firmware	From 6.1.0.0 to 7.5.0.14
Ibm Storwize V9000 Firmware	From 7.7.0.0 to 7.7.1.9
Ibm Storwize V9000 Firmware	From 7.8.0.0 to 7.8.1.6
Ibm Storwize V9000 Firmware	From 8.1.1.0 to 8.1.1.2
Ibm Storwize V9000 Firmware	From 8.1.2.0 to 8.1.2.1

Running on/with	Platform Versions
Ibm Storwize V9000	All versions

Configuration F

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm San Volume Controller Firmware	From 6.1.0.0 to 7.5.0.14
Ibm San Volume Controller Firmware	From 7.7.0.0 to 7.7.1.9
Ibm San Volume Controller Firmware	From 7.8.0.0 to 7.8.1.6
Ibm San Volume Controller Firmware	From 8.1.1.0 to 8.1.1.2
Ibm San Volume Controller Firmware	From 8.1.2.0 to 8.1.2.1

Running on/with	Platform Versions
Ibm San Volume Controller	All versions

Configuration G

5 vulnerable

Vulnerable Software	Affected Versions
Ibm Spectrum Virtualize	From 6.1.0.0 to 7.5.0.14
Ibm Spectrum Virtualize	From 7.7.0.0 to 7.7.1.9
Ibm Spectrum Virtualize	From 7.8.0.0 to 7.8.1.6
Ibm Spectrum Virtualize	From 8.1.1.0 to 8.1.1.2
Ibm Spectrum Virtualize	From 8.1.2.0 to 8.1.2.1

Configuration H

5 vulnerable

Vulnerable Software	Affected Versions
Ibm Spectrum Virtualize For Public Cloud	From 6.1.0.0 to 7.5.0.14
Ibm Spectrum Virtualize For Public Cloud	From 7.7.0.0 to 7.7.1.9
Ibm Spectrum Virtualize For Public Cloud	From 7.8.0.0 to 7.8.1.6
Ibm Spectrum Virtualize For Public Cloud	From 8.1.1.0 to 8.1.1.2
Ibm Spectrum Virtualize For Public Cloud	From 8.1.2.0 to 8.1.2.1