CVE-2018-1775
Summary
| CVE | CVE-2018-1775 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-02-27 22:29:00 UTC |
| Updated | 2019-10-09 23:39:00 UTC |
| Description | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Ibm | Flashsystem V9000 | - | All | All | All |
| Hardware | Ibm | Flashsystem V9000 | - | All | All | All |
| Hardware | Ibm | Flashsystem V9100 | - | All | All | All |
| Hardware | Ibm | Flashsystem V9100 | - | All | All | All |
| Hardware | Ibm | San Volume Controller | - | All | All | All |
| Hardware | Ibm | San Volume Controller | - | All | All | All |
| Application | Ibm | Spectrum Virtualize Software | All | All | All | All |
| Application | Ibm | Spectrum Virtualize Software For Public Cloud | All | All | All | All |
| Hardware | Ibm | Storwize V3500 | - | All | All | All |
| Hardware | Ibm | Storwize V3500 | - | All | All | All |
| Hardware | Ibm | Storwize V3700 | - | All | All | All |
| Hardware | Ibm | Storwize V3700 | - | All | All | All |
| Hardware | Ibm | Storwize V5000 | - | All | All | All |
| Hardware | Ibm | Storwize V5000 | - | All | All | All |
| Hardware | Ibm | Storwize V7000 | - | All | All | All |
| Hardware | Ibm | Storwize V7000 | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | VDB Entry, Vendor Advisory |
| Security Bulletin: Vulnerability in Service Assistant affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-1775) | CONFIRM | www.ibm.com | Vendor Advisory |
| Multiple IBM Products CVE-2018-1775 Arbitrary File Download Vulnerabilitiy | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.