Information Disclosure in IBM FlashSystem and Storage Products
CVE-2018-1465

5.3MEDIUM

Key Information:

Vendor
IBM
Status
Storwize V3500
San Volume Controller
Spectrum Virtualize Software
Spectrum Virtualize For Public Cloud
Vendor
CVE Published:
17 May 2018

Summary

A vulnerability exists in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize, and IBM FlashSystem products that could allow an authenticated user to access the private key, potentially enabling interception of GUI communications and compromising sensitive information. This issue affects a wide range of product versions, enhancing the urgency for users to implement necessary security measures. For detailed mitigation strategies, refer to IBM's official documentation.

Affected Version(s)

FlashSystem V9000 7.5

FlashSystem V9000 7.6

FlashSystem V9000 7.6.1

References

http://www.ibm.com/support/docview.wss?uid=ssg1S1012282
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104349
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/140396
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.