CVE-2018-1775

CVSS 6.5 MEDIUMEPSS 1.9%

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 1.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

27 Feb 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.

CVSS:3.0/A:N/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:T

Affected products

IBM · FlashSystem 9100 Family IBM · FlashSystem V9000 IBM · SAN Volume Controller IBM · Spectrum Virtualize for Public Cloud IBM · Spectrum Virtualize Software IBM · torwize V3500 IBM · torwize V3700 IBM · torwize V5000 IBM · torwize V7000

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/148757 https://www.ibm.com/support/docview.wss?uid=ibm10872486 http://www.securityfocus.com/bid/107187