IBM Storwize V9000 Firmware vulnerabilities
9 known vulnerabilities affecting ibm/storwize_v9000_firmware.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 5
Vulnerabilities
CVE-2018-1438 | HIGH | CVSS 7.5 | CWE-200 | Affected versions: ≥ 6.1.0.0, < 7.5.0.14; ≥ 7.7.0.0, < 7.7.1.9; +3 more | 2018-05-17
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.
nvd
CVE-2018-1433 | HIGH | CVSS 7.5 | CWE-200 | Affected versions: ≥ 6.1.0.0, < 7.5.0.14; ≥ 7.7.0.0, < 7.7.1.9; +3 more | 2018-05-17
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.
nvd
CVE-2018-1434 | HIGH | CVSS 8.8 | CWE-352 | Affected versions: ≥ 6.1.0.0, < 7.5.0.14; ≥ 7.7.0.0, < 7.7.1.9; +3 more | 2018-05-17
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website
nvd
CVE-2018-1462 | HIGH | CVSS 7.6 | CWE-863 | Affected versions: ≥ 6.1.0.0, < 7.5.0.14; ≥ 7.7.0.0, < 7.7.1.9; +3 more | 2018-05-17
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 1
nvd
CVE-2018-1463 | MEDIUM | CVSS 6.5 | CWE-863 | Affected versions: ≥ 6.1.0.0, < 7.5.0.14; ≥ 7.7.0.0, < 7.7.1.9; +3 more | 2018-05-17
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.
nvd
CVE-2018-1464 | MEDIUM | CVSS 6.5 | CWE-200 | Affected versions: ≥ 6.1.0.0, < 7.5.0.14; ≥ 7.7.0.0, < 7.7.1.9; +3 more | 2018-05-17
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.
nvd
CVE-2018-1461 | MEDIUM | CVSS 5.4 | CWE-79 | Affected versions: ≥ 6.1.0.0, < 7.5.0.14; ≥ 7.7.0.0, < 7.7.1.9; +3 more | 2018-05-17
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality
nvd
CVE-2018-1465 | MEDIUM | CVSS 5.3 | CWE-200 | Affected versions: ≥ 6.1.0.0, < 7.5.0.14; ≥ 7.7.0.0, < 7.7.1.9; +3 more | 2018-05-17
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.
nvd
CVE-2018-1466 | MEDIUM | CVSS 5.3 | CWE-326 | Affected versions: ≥ 6.1.0.0, < 7.5.0.14; ≥ 7.7.0.0, < 7.7.1.9; +3 more | 2018-05-17
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.
nvd