CVE-2018-1461

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
5.4MEDIUM
EPSS
0.3%
top 46.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
15
IBM SAN Volume Controller FirmwareIBM Spectrum VirtualizeIBM Spectrum Virtualize FOR Public Cloud+12 more
Timeline
PublishedMay 17
Latest updateMay 13

Description

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages15 packages

NVDibm/spectrum_virtualize6.1.0.07.5.0.14+4
NVDibm/san_volume_controller_firmware6.1.0.07.5.0.14+4
CVEListV5ibm/san_volume_controller13 versions+12
CVEListV5ibm/spectrum_virtualize_software17 versions+16

🔴Vulnerability Details

2
GHSA
GHSA-mxx7-2p36-3j2p: IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 62022-05-13
CVEList
CVE-2018-1461: IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 62018-05-17

💥Exploits & PoCs

1
Exploit-DB
Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)2018-09-17
CVE-2018-1461 (MEDIUM CVSS 5.4) | IBM SAN Volume Controller | cvebase.io