CVE-2018-1595 — IBM Spectrum Symphony vulnerability

4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 60.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Spectrum Symphony IBM Platform Symphony

Timeline

PublishedAug 1

Latest updateMay 13

Description

IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5ibm/spectrum_symphony7.1.2, 7.2.0.2+1

▶NVDibm/platform_symphony6.1.1, 7.1.0, 7.1.1+2

▶NVDibm/spectrum_symphony7.1.2, 7.2.0.2+1

🔴Vulnerability Details

GHSA

GHSA-jj6w-68rp-xpwr: IBM Spectrum Symphony and Platform Symphony 7↗2022-05-13

▶

CVEList

CVE-2018-1595: IBM Spectrum Symphony and Platform Symphony 7↗2018-08-01

▶

💬Community

Bugzilla

CVE-2018-1000035 unzip: Heap-based buffer overflow in fileio.c:UzpPassword function allows code execution↗2018-01-22

▶