CVE-2018-1434 - OpenCVE

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Storwize V7000 Storwize V3500 Firmware Storwize V9000 Firmware Spectrum Virtualize For Public Cloud Storwize V5000 Firmware San Volume Controller Storwize V7000 Firmware Storwize V3500 Storwize V3700 Firmware Storwize V3700 Spectrum Virtualize San Volume Controller Firmware Storwize V9000 Storwize V5000

Configuration 1 [-]

AND

OR	cpe:2.3:o:ibm:storwize_v7000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v7000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v7000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v7000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v7000_firmware::::::::

cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:ibm:storwize_v5000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v5000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v5000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v5000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v5000_firmware::::::::

cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:ibm:storwize_v3700_firmware::::::::
	cpe:2.3:o:ibm:storwize_v3700_firmware::::::::
	cpe:2.3:o:ibm:storwize_v3700_firmware::::::::
	cpe:2.3:o:ibm:storwize_v3700_firmware::::::::
	cpe:2.3:o:ibm:storwize_v3700_firmware::::::::

cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:ibm:storwize_v3500_firmware::::::::
	cpe:2.3:o:ibm:storwize_v3500_firmware::::::::
	cpe:2.3:o:ibm:storwize_v3500_firmware::::::::
	cpe:2.3:o:ibm:storwize_v3500_firmware::::::::
	cpe:2.3:o:ibm:storwize_v3500_firmware::::::::

cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:o:ibm:storwize_v9000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v9000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v9000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v9000_firmware::::::::
	cpe:2.3:o:ibm:storwize_v9000_firmware::::::::

cpe:2.3:h:ibm:storwize_v9000:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

OR	cpe:2.3:o:ibm:san_volume_controller_firmware::::::::
	cpe:2.3:o:ibm:san_volume_controller_firmware::::::::
	cpe:2.3:o:ibm:san_volume_controller_firmware::::::::
	cpe:2.3:o:ibm:san_volume_controller_firmware::::::::
	cpe:2.3:o:ibm:san_volume_controller_firmware::::::::

cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*

Configuration 7 [-]

OR	cpe:2.3:a:ibm:spectrum_virtualize::::::::
	cpe:2.3:a:ibm:spectrum_virtualize::::::::
	cpe:2.3:a:ibm:spectrum_virtualize::::::::
	cpe:2.3:a:ibm:spectrum_virtualize::::::::
	cpe:2.3:a:ibm:spectrum_virtualize::::::::

Configuration 8 [-]

OR	cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud::::::::
	cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud::::::::
	cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud::::::::
	cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud::::::::
	cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud::::::::

References

Link	Resource
http://www.ibm.com/support/docview.wss?uid=ssg1S1012263	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=ssg1S1012282	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=ssg1S1012283	Vendor Advisory
http://www.securityfocus.com/bid/104349	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/139474	VDB Entry Vendor Advisory