File Download Vulnerability in IBM SAN Volume Controller and IBM FlashSystem
CVE-2018-1775

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Torwize V7000; Torwize V3500; Torwize V3700; Spectrum Virtualize For Public Cloud
Vendor: CVE Published:; 27 February 2019

What is CVE-2018-1775?

Certain versions of IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize, and IBM FlashSystem allow authenticated users to download arbitrary files from the operating system, potentially exposing sensitive information. Careful consideration of user access privileges and prompt patching are crucial to mitigating risk associated with this vulnerability.