Multiple IBM Products Multiple Security Vulnerabilities

Bugtraq ID:	104349
Class:	Input Validation Error
CVE:	CVE-2018-1434 CVE-2018-1438 CVE-2018-1461 CVE-2018-1462 CVE-2018-1463 CVE-2018-1464 CVE-2018-1465 CVE-2018-1466 CVE-2018-1433
Remote:	Yes
Local:	No
Published:	May 11 2018 12:00AM
Updated:	May 11 2018 12:00AM
Credit:	Jan Bee, and Sebastian Neuner from the Google Security Team
Vulnerable:	IBM Storwize V7000 8.1.2.0 IBM Storwize V7000 8.1.1.1 IBM Storwize V7000 8.1.0.1 IBM Storwize V7000 8.1.0.0 IBM Storwize V7000 8.0 IBM Storwize V7000 7.8.1.5 IBM Storwize V7000 7.8 IBM Storwize V7000 7.7.1.8 IBM Storwize V7000 7.7 IBM Storwize V7000 7.6.1.3 IBM Storwize V7000 7.6.1.1 IBM Storwize V7000 7.6.0.4 IBM Storwize V7000 7.6.0.3 IBM Storwize V7000 7.6 IBM Storwize V7000 7.5.0.8 IBM Storwize V7000 7.5.0.7 IBM Storwize V7000 7.5.0.6 IBM Storwize V7000 7.5.0.3 IBM Storwize V7000 7.5.0.2 IBM Storwize V7000 7.5.0.13 IBM Storwize V7000 7.5 IBM Storwize V5000 8.1.2.0 IBM Storwize V5000 8.1.1.1 IBM Storwize V5000 8.1.0.1 IBM Storwize V5000 8.1.0.0 IBM Storwize V5000 8.0 IBM Storwize V5000 7.8.1.5 IBM Storwize V5000 7.8 IBM Storwize V5000 7.7.1.8 IBM Storwize V5000 7.7 IBM Storwize V5000 7.6.1.3 IBM Storwize V5000 7.6.1.1 IBM Storwize V5000 7.6.0.4 IBM Storwize V5000 7.6.0.3 IBM Storwize V5000 7.6 IBM Storwize V5000 7.5.0.8 IBM Storwize V5000 7.5.0.7 IBM Storwize V5000 7.5.0.6 IBM Storwize V5000 7.5.0.3 IBM Storwize V5000 7.5.0.2 IBM Storwize V5000 7.5.0.13 IBM Storwize V5000 7.5 IBM Storwize V3700 8.1.2.0 IBM Storwize V3700 8.1.1.1 IBM Storwize V3700 8.0 IBM Storwize V3700 7.8.1.5 IBM Storwize V3700 7.8 IBM Storwize V3700 7.7.1.8 IBM Storwize V3700 7.7 IBM Storwize V3700 7.6.1.3 IBM Storwize V3700 7.6.1.1 IBM Storwize V3700 7.6.0.4 IBM Storwize V3700 7.6.0.3 IBM Storwize V3700 7.6 IBM Storwize V3700 7.5.0.8 IBM Storwize V3700 7.5.0.7 IBM Storwize V3700 7.5.0.6 IBM Storwize V3700 7.5.0.3 IBM Storwize V3700 7.5.0.2 IBM Storwize V3700 7.5.0.13 IBM Storwize V3700 7.5 IBM Storwize V3500 8.1.2.0 IBM Storwize V3500 8.1.1.1 IBM Storwize V3500 8.0 IBM Storwize V3500 7.8.1.5 IBM Storwize V3500 7.8 IBM Storwize V3500 7.7.1.8 IBM Storwize V3500 7.7 IBM Storwize V3500 7.6.1.3 IBM Storwize V3500 7.6.1.1 IBM Storwize V3500 7.6.0.4 IBM Storwize V3500 7.6.0.3 IBM Storwize V3500 7.6 IBM Storwize V3500 7.5.0.8 IBM Storwize V3500 7.5.0.7 IBM Storwize V3500 7.5.0.6 IBM Storwize V3500 7.5.0.3 IBM Storwize V3500 7.5.0.2 IBM Storwize V3500 7.5.0.13 IBM Storwize V3500 7.5 IBM Spectrum Virtualize Software 8.1.2.0 IBM Spectrum Virtualize Software 8.1.1.1 IBM Spectrum Virtualize Software 8.1 IBM Spectrum Virtualize Software 8.0 IBM Spectrum Virtualize Software 7.8.1.5 IBM Spectrum Virtualize Software 7.8 IBM Spectrum Virtualize Software 7.7.1.8 IBM Spectrum Virtualize Software 7.7 IBM Spectrum Virtualize Software 7.5.0.13 IBM Spectrum Virtualize for Public Cloud 8.1.2.0 IBM Spectrum Virtualize for Public Cloud 8.1.1.1 IBM Spectrum Virtualize for Public Cloud 8.1 IBM Spectrum Virtualize for Public Cloud 8.0 IBM Spectrum Virtualize for Public Cloud 7.8.1.5 IBM Spectrum Virtualize for Public Cloud 7.8 IBM Spectrum Virtualize for Public Cloud 7.7.1.8 IBM Spectrum Virtualize for Public Cloud 7.7 IBM Spectrum Virtualize for Public Cloud 7.5.0.13 IBM Spectrum Virtualize for Public Cloud 7.5 IBM SAN Volume Controller 8.1.2.0 IBM SAN Volume Controller 8.1.1.1 IBM SAN Volume Controller 8.1.0.1 IBM SAN Volume Controller 8.1.0.0 IBM SAN Volume Controller 8.0 IBM SAN Volume Controller 7.8.1.5 IBM SAN Volume Controller 7.8 IBM SAN Volume Controller 7.7.1.8 IBM SAN Volume Controller 7.7 IBM SAN Volume Controller 7.6.1.3 IBM SAN Volume Controller 7.6.1.1 IBM SAN Volume Controller 7.6.0.4 IBM SAN Volume Controller 7.6.0.3 IBM SAN Volume Controller 7.6 IBM SAN Volume Controller 7.5.0.8 IBM SAN Volume Controller 7.5.0.7 IBM SAN Volume Controller 7.5.0.6 IBM SAN Volume Controller 7.5.0.3 IBM SAN Volume Controller 7.5.0.13 IBM SAN Volume Controller 7.5 IBM FlashSystem V9000 8.1.2.0 IBM FlashSystem V9000 8.1.1.1 IBM FlashSystem V9000 8.1.0.1 IBM FlashSystem V9000 8.1.0.0 IBM FlashSystem V9000 8.0 IBM FlashSystem V9000 7.8.1.5 IBM FlashSystem V9000 7.8 IBM FlashSystem V9000 7.7.1.8 IBM FlashSystem V9000 7.7 IBM FlashSystem V9000 7.5.0.13
Not Vulnerable:	IBM Storwize V7000 8.1.2.1 IBM Storwize V7000 8.1.1.2 IBM Storwize V7000 7.8.1.6 IBM Storwize V7000 7.7.1.9 IBM Storwize V7000 7.5.0.14 IBM Storwize V5000 8.1.2.1 IBM Storwize V5000 8.1.1.2 IBM Storwize V5000 7.8.1.6 IBM Storwize V5000 7.7.1.9 IBM Storwize V5000 7.5.0.14 IBM Storwize V3700 8.1.2.1 IBM Storwize V3700 8.1.1.2 IBM Storwize V3700 7.8.1.6 IBM Storwize V3700 7.7.1.9 IBM Storwize V3700 7.5.0.14 IBM Storwize V3500 8.1.2.1 IBM Storwize V3500 8.1.1.2 IBM Storwize V3500 7.8.1.6 IBM Storwize V3500 7.7.1.9 IBM Storwize V3500 7.5.0.14 IBM Spectrum Virtualize Software 8.1.2.1 IBM Spectrum Virtualize Software 8.1.1.2 IBM Spectrum Virtualize Software 7.8.1.6 IBM Spectrum Virtualize Software 7.7.1.9 IBM Spectrum Virtualize Software 7.5.0.14 IBM Spectrum Virtualize for Public Cloud 8.1.2.1 IBM Spectrum Virtualize for Public Cloud 8.1.1.2 IBM Spectrum Virtualize for Public Cloud 7.8.1.6 IBM Spectrum Virtualize for Public Cloud 7.7.1.9 IBM Spectrum Virtualize for Public Cloud 7.5.0.14 IBM SAN Volume Controller 8.1.2.1 IBM SAN Volume Controller 8.1.1.2 IBM SAN Volume Controller 7.8.1.6 IBM SAN Volume Controller 7.7.1.9 IBM SAN Volume Controller 7.5.0.14 IBM FlashSystem V9000 8.1.2.1 IBM FlashSystem V9000 8.1.1.2 IBM FlashSystem V9000 7.8.1.6 IBM FlashSystem V9000 7.7.1.9 IBM FlashSystem V9000 7.5.0.14

Multiple IBM Products Multiple Security Vulnerabilities

Multiple IBM Products are prone to the following multiple security vulnerabilities:

1. Multiple information-disclosure vulnerabilities
2. A cross-site scripting vulnerability
3. An access-bypass vulnerability
4. A security-bypass vulnerability
5. A cross-site request-forgery vulnerability

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, perform unauthorized access, gain unauthorized access to the affected application or to obtain sensitive information.

Multiple IBM Products Multiple Security Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.