{"containers": {"cna": {"affected": [{"product": "torwize V7000", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.5"}, {"status": "affected", "version": "8.2"}]}, {"product": "torwize V3500", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.5"}, {"status": "affected", "version": "8.2"}]}, {"product": "torwize V3700", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.5"}, {"status": "affected", "version": "8.2"}]}, {"product": "Spectrum Virtualize for Public Cloud", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.5"}, {"status": "affected", "version": "8.2"}]}, {"product": "Spectrum Virtualize Software", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.5"}, {"status": "affected", "version": "8.2"}]}, {"product": "SAN Volume Controller", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.5"}, {"status": "affected", "version": "8.2"}]}, {"product": "FlashSystem V9000", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.5"}, {"status": "affected", "version": "8.2"}]}, {"product": "torwize V5000", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.5"}, {"status": "affected", "version": "8.2"}]}, {"product": "FlashSystem 9100 Family", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.5"}, {"status": "affected", "version": "8.2"}]}], "datePublic": "2019-02-25T00:00:00", "descriptions": [{"lang": "en", "value": "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "TEMPORARY_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:T", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Obtain Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-01T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "107187", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107187"}, {"name": "ibm-storwize-cve20181775-file-download(148757)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-02-25T00:00:00", "ID": "CVE-2018-1775", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "torwize V7000", "version": {"version_data": [{"version_value": "7.5"}, {"version_value": "8.2"}]}}, {"product_name": "torwize V3500", "version": {"version_data": [{"version_value": "7.5"}, {"version_value": "8.2"}]}}, {"product_name": "torwize V3700", "version": {"version_data": [{"version_value": "7.5"}, {"version_value": "8.2"}]}}, {"product_name": "Spectrum Virtualize for Public Cloud", "version": {"version_data": [{"version_value": "7.5"}, {"version_value": "8.2"}]}}, {"product_name": "Spectrum Virtualize Software", "version": {"version_data": [{"version_value": "7.5"}, {"version_value": "8.2"}]}}, {"product_name": "SAN Volume Controller", "version": {"version_data": [{"version_value": "7.5"}, {"version_value": "8.2"}]}}, {"product_name": "FlashSystem V9000", "version": {"version_data": [{"version_value": "7.5"}, {"version_value": "8.2"}]}}, {"product_name": "torwize V5000", "version": {"version_data": [{"version_value": "7.5"}, {"version_value": "8.2"}]}}, {"product_name": "FlashSystem 9100 Family", "version": {"version_data": [{"version_value": "7.5"}, {"version_value": "8.2"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "N", "C": "H", "I": "N", "PR": "L", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "T"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Obtain Information"}]}]}, "references": {"reference_data": [{"name": "107187", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107187"}, {"name": "ibm-storwize-cve20181775-file-download(148757)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"}, {"name": "https://www.ibm.com/support/docview.wss?uid=ibm10872486", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:07:44.355Z"}, "title": "CVE Program Container", "references": [{"name": "107187", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107187"}, {"name": "ibm-storwize-cve20181775-file-download(148757)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1775", "datePublished": "2019-02-27T22:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T18:43:43.401Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spectrum_virtualize_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF325635-CFE5-4BB8-8A9A-1942E441E70A", "versionEndIncluding": "8.2", "versionStartIncluding": "7.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flashsystem_v9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB9C13EA-8C4C-42C5-A451-611FF0904AE8", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flashsystem_v9100:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C9885F2-D9C5-4F91-8BCE-60684AFFC789", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5D84487-CEBA-48A0-9B15-A0300D992E3D", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", "matchCriteriaId": "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", "matchCriteriaId": "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "AA2ED020-4C7B-4303-ABE6-74D46D127556", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spectrum_virtualize_software_for_public_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "16DB16EC-035E-4C24-8CD5-7E5E49973C8D", "versionEndIncluding": "8.2", "versionStartIncluding": "7.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flashsystem_v9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB9C13EA-8C4C-42C5-A451-611FF0904AE8", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flashsystem_v9100:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C9885F2-D9C5-4F91-8BCE-60684AFFC789", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5D84487-CEBA-48A0-9B15-A0300D992E3D", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", "matchCriteriaId": "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", "matchCriteriaId": "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "AA2ED020-4C7B-4303-ABE6-74D46D127556", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757."}, {"lang": "es", "value": "Los productos de IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize y IBM FlashSystem, en sus versiones desde la 7.5 hasta la 8.2, podr\u00edan permitir a un atacante autenticado descargar archivos arbitrarios desde el sistema operativo.  IBM X-Force ID: 148757."}], "id": "CVE-2018-1775", "lastModified": "2024-11-21T04:00:20.820", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-27T22:29:00.380", "references": [{"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107187"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107187"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872486"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}