CVE-2018-1822

Published: Oct 18, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.

Affected (2)

Products: Ibm: Flashsystem 900 Firmware, Flashsystem 840 Firmware

2 products

Flashsystem 900 Firmware

Flashsystem 840 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Flashsystem 900 Firmware	Version 1.4

Running on/with	Platform Versions
Ibm Flashsystem 900	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Flashsystem 840 Firmware	Version 1.4

Running on/with	Platform Versions
Ibm Flashsystem 840	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://www.ibm.com/support/docview.wss?uid=ibm10732962

Source: psirt@us.ibm.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/150296

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

http://www.ibm.com/support/docview.wss?uid=ibm10732962

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/150296

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

Timeline

No history available yet.