Information Disclosure in IBM Storwize V7000 Unified Management Interface
CVE-2018-1467

5.3MEDIUM

Key Information:

Vendor
IBM
Status
Storwize V7000 Unified (2073)
Vendor
CVE Published:
25 May 2018

Summary

The IBM Storwize V7000 Unified management web interface version 1.6 exposes sensitive internal cluster details to unauthenticated users, potentially allowing for unauthorized access to critical system information. This vulnerability raises concerns regarding data confidentiality and can lead to further security risks if exploited.

Affected Version(s)

Storwize V7000 Unified (2073) 1.6

References

http://www.securityfocus.com/bid/104290
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=ssg1S1012293
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/140398
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.