IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.
References
Link | Resource |
---|---|
http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 | Vendor Advisory |
http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 | Vendor Advisory |
http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 | Vendor Advisory |
http://www.securityfocus.com/bid/104349 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/139566 | VDB Entry Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
History
No history.
Information
Published : 2018-05-17 21:29
Updated : 2024-02-04 19:46
NVD link : CVE-2018-1438
Mitre link : CVE-2018-1438
CVE.ORG link : CVE-2018-1438
JSON object : View
Products Affected
ibm
- storwize_v9000
- san_volume_controller
- storwize_v3500
- spectrum_virtualize
- san_volume_controller_firmware
- storwize_v3700_firmware
- storwize_v3700
- storwize_v9000_firmware
- storwize_v5000
- spectrum_virtualize_for_public_cloud
- storwize_v7000
- storwize_v5000_firmware
- storwize_v7000_firmware
- storwize_v3500_firmware
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor