CVE-2018-1433
published 2018-05-17CVE-2018-1433: IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.
Affected
42 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | san_volume_controller_firmware | >= 6.1.0.0 < 7.5.0.14 | 7.5.0.14 |
| ibm | san_volume_controller_firmware | >= 7.7.0.0 < 7.7.1.9 | 7.7.1.9 |
| ibm | san_volume_controller_firmware | >= 7.8.0.0 < 7.8.1.6 | 7.8.1.6 |
| ibm | san_volume_controller_firmware | >= 8.1.1.0 < 8.1.1.2 | 8.1.1.2 |
| ibm | san_volume_controller_firmware | >= 8.1.2.0 < 8.1.2.1 | 8.1.2.1 |
| ibm | spectrum_virtualize | >= 6.1.0.0 < 7.5.0.14 | 7.5.0.14 |
| ibm | spectrum_virtualize | >= 7.7.0.0 < 7.7.1.9 | 7.7.1.9 |
| ibm | spectrum_virtualize | >= 7.8.0.0 < 7.8.1.6 | 7.8.1.6 |
| ibm | spectrum_virtualize | >= 8.1.1.0 < 8.1.1.2 | 8.1.1.2 |
| ibm | spectrum_virtualize | >= 8.1.2.0 < 8.1.2.1 | 8.1.2.1 |
| ibm | spectrum_virtualize_for_public_cloud | >= 6.1.0.0 < 7.5.0.14 | 7.5.0.14 |
| ibm | spectrum_virtualize_for_public_cloud | >= 7.7.0.0 < 7.7.1.9 | 7.7.1.9 |
| ibm | spectrum_virtualize_for_public_cloud | >= 7.8.0.0 < 7.8.1.6 | 7.8.1.6 |
| ibm | spectrum_virtualize_for_public_cloud | >= 8.1.1.0 < 8.1.1.2 | 8.1.1.2 |
| ibm | spectrum_virtualize_for_public_cloud | >= 8.1.2.0 < 8.1.2.1 | 8.1.2.1 |
| ibm | storwize_v3500_firmware | >= 6.1.0.0 < 7.5.0.14 | 7.5.0.14 |
| ibm | storwize_v3500_firmware | >= 7.7.0.0 < 7.7.1.9 | 7.7.1.9 |
| ibm | storwize_v3500_firmware | >= 7.8.0.0 < 7.8.1.6 | 7.8.1.6 |
| ibm | storwize_v3500_firmware | >= 8.1.1.0 < 8.1.1.2 | 8.1.1.2 |
| ibm | storwize_v3500_firmware | >= 8.1.2.0 < 8.1.2.1 | 8.1.2.1 |
| ibm | storwize_v3700_firmware | >= 6.1.0.0 < 7.5.0.14 | 7.5.0.14 |
| ibm | storwize_v3700_firmware | >= 7.7.0.0 < 7.7.1.9 | 7.7.1.9 |
| ibm | storwize_v3700_firmware | >= 7.8.0.0 < 7.8.1.6 | 7.8.1.6 |
| ibm | storwize_v3700_firmware | >= 8.1.1.0 < 8.1.1.2 | 8.1.1.2 |
| ibm | storwize_v3700_firmware | >= 8.1.2.0 < 8.1.2.1 | 8.1.2.1 |