CVE-2017-1710 — Improper Privilege Management in IBM Storwize V7000

3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

4.2%

top 11.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Storwize V7000 IBM Flashsystem V9000 Firmware IBM SAN Volume Controller Firmware +2 more

Timeline

PublishedNov 13

Latest updateMay 13

Description

A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5ibm/storwize_v70008.1

▶NVDibm/storwize_v7000_firmware8.1

▶NVDibm/storwize_v5000_firmware8.1

▶NVDibm/flashsystem_v9000_firmware8.1

▶NVDibm/san_volume_controller_firmware8.1

🔴Vulnerability Details

GHSA

GHSA-j25f-cxxh-862j: A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8↗2022-05-13

▶

CVEList

CVE-2017-1710: A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8↗2017-11-13

▶