CVE-2018-1434

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:storwize_v9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*

Configuration 8 (hide)

OR cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*

Information

Published : 2018-05-17 14:29

Updated : 2020-08-19 12:11


NVD link : CVE-2018-1434

Mitre link : CVE-2018-1434


JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa

Products Affected

ibm

  • storwize_v7000_firmware
  • storwize_v3700
  • spectrum_virtualize
  • storwize_v5000
  • storwize_v9000_firmware
  • storwize_v7000
  • spectrum_virtualize_for_public_cloud
  • storwize_v3700_firmware
  • storwize_v3500
  • san_volume_controller_firmware
  • storwize_v9000
  • storwize_v3500_firmware
  • storwize_v5000_firmware
  • san_volume_controller