CVE-2018-1822

9.8CRITICAL

Key Information:

Vendor: IBM
Status: Flashsystem 900
Vendor: CVE Published:; 18 October 2018

Summary

IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/150296

vdb-entryx_refsource_XF

http://www.ibm.com/support/docview.wss?uid=ibm10732962

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2018
Vulnerability Reserved
Dec 13, 2017