Information Disclosure in IBM FlashSystem and Storage Products
CVE-2018-1465

5.3MEDIUM

Key Information:

Summary

A vulnerability exists in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize, and IBM FlashSystem products that could allow an authenticated user to access the private key, potentially enabling interception of GUI communications and compromising sensitive information. This issue affects a wide range of product versions, enhancing the urgency for users to implement necessary security measures. For detailed mitigation strategies, refer to IBM's official documentation.

Affected Version(s)

FlashSystem V9000 7.5

FlashSystem V9000 7.6

FlashSystem V9000 7.6.1

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.