CVE-2018-1595 - OpenCVE

IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Spectrum Symphony Platform Symphony

Configuration 1 [-]

OR	cpe:2.3:a:ibm:platform_symphony:6.1.1:::::::*
	cpe:2.3:a:ibm:platform_symphony:7.1.0:::::::*
	cpe:2.3:a:ibm:platform_symphony:7.1.1:::::::*
	cpe:2.3:a:ibm:spectrum_symphony:7.1.2:::::::*
	cpe:2.3:a:ibm:spectrum_symphony:7.2.0.2:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/104956	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/143622	VDB Entry Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=isg3T1027819	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2018-07-23T00:00:00

Updated: 2018-08-04T09:57:01

Reserved: 2017-12-13T00:00:00

Link: CVE-2018-1595

JSON object: View

NVD Information

Status : Modified

Published: 2018-08-01T17:29:00.503

Modified: 2019-10-09T23:38:42.477

Link: CVE-2018-1595

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Spectrum Symphony", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.2.0.2"}, {"status": "affected", "version": "7.1.2"}]}], "datePublic": "2018-07-23T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.7, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:N/C:H/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-04T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "104956", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104956"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/docview.wss?uid=isg3T1027819"}, {"name": "ibm-symphony-cve20181595-code-exec(143622)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143622"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-07-23T00:00:00", "ID": "CVE-2018-1595", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spectrum Symphony", "version": {"version_data": [{"version_value": "7.2.0.2"}, {"version_value": "7.1.2"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622."}]}, "impact": {"cvssv3": {"BM": {"A": "H", "AC": "L", "AV": "N", "C": "H", "I": "H", "PR": "L", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Access"}]}]}, "references": {"reference_data": [{"name": "104956", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104956"}, {"name": "https://www.ibm.com/support/docview.wss?uid=isg3T1027819", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=isg3T1027819"}, {"name": "ibm-symphony-cve20181595-code-exec(143622)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143622"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1595", "datePublished": "2018-07-23T00:00:00", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2018-08-04T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:platform_symphony:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "382B022D-9EEA-4A0A-87AC-D94ACCA1A177", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:platform_symphony:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "495837A4-A740-4BD9-BE23-4F092B7A8681", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:platform_symphony:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E5393B9-E99A-406F-9793-5048220805EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:spectrum_symphony:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA27E6AD-74E3-4DF3-A24D-D4C7BF73A739", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:spectrum_symphony:7.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "72D28E42-7AD1-4FE5-BE6E-76DD90D8DC67", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622."}, {"lang": "es", "value": "IBM Spectrum Symphony y Platform Symphony 7.1.2 y 7.2.0.2 podr\u00edan permitir que un usuario autenticado ejecute comandos arbitrarios debido al manejo incorrecto de entradas proporcionadas por el usuario. IBM X-Force ID: 143622."}], "id": "CVE-2018-1595", "lastModified": "2019-10-09T23:38:42.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2018-08-01T17:29:00.503", "references": [{"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104956"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143622"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/docview.wss?uid=isg3T1027819"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}