Cross-site Scripting Vulnerability in IBM SAN Volume Controller and FlashSystem
CVE-2018-1461
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 17 May 2018
Summary
Several IBM products, including SAN Volume Controller and FlashSystem, have a vulnerability that allows for cross-site scripting (XSS). This flaw enables attackers to inject arbitrary JavaScript code into the Web UI, impairing functionality and possibly leading to sensitive information exposure, such as credentials within a secure session. The affected versions span from 6.1 to 8.1.1, highlighting a significant security concern that users must address.
Affected Version(s)
FlashSystem V9000 7.5
FlashSystem V9000 7.6
FlashSystem V9000 7.6.1
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved