Product:

Storwize_v3500_firmware

(Ibm)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 12
Date Id Summary Products Score Patch Annotated
2014-09-24 CVE-2014-6271 GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka... Mac_os_x, Eos, Ubuntu_linux, Security_gateway, Netscaler_sdx_firmware, Debian_linux, Arx_firmware, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_edge_gateway, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_protocol_security_module, Big\-Ip_wan_optimization_manager, Big\-Ip_webaccelerator, Big\-Iq_cloud, Big\-Iq_device, Big\-Iq_security, Enterprise_manager, Traffix_signaling_delivery_controller, Bash, Flex_system_v7000_firmware, Infosphere_guardium_database_activity_monitoring, Pureapplication_system, Qradar_risk_manager, Qradar_security_information_and_event_manager, Qradar_vulnerability_manager, San_volume_controller_firmware, Security_access_manager_for_mobile_8\.0_firmware, Security_access_manager_for_web_7\.0_firmware, Security_access_manager_for_web_8\.0_firmware, Smartcloud_entry_appliance, Smartcloud_provisioning, Software_defined_network_for_virtual_environments, Starter_kit_for_cloud, Stn6500_firmware, Stn6800_firmware, Stn7800_firmware, Storwize_v3500_firmware, Storwize_v3700_firmware, Storwize_v5000_firmware, Storwize_v7000_firmware, Workload_deployer, Mageia, Open_enterprise_server, Zenworks_configuration_management, Opensuse, Linux, Qts, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_from_rhui, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage_server_for_on\-Premise, Virtualization, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Studio_onsite, Esx, Vcenter_server_appliance 9.8
2018-05-17 CVE-2018-1466 IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397. San_volume_controller_firmware, Spectrum_virtualize, Spectrum_virtualize_for_public_cloud, Storwize_v3500_firmware, Storwize_v3700_firmware, Storwize_v5000_firmware, Storwize_v7000_firmware, Storwize_v9000_firmware N/A
2018-05-17 CVE-2018-1464 IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395. San_volume_controller_firmware, Spectrum_virtualize, Spectrum_virtualize_for_public_cloud, Storwize_v3500_firmware, Storwize_v3700_firmware, Storwize_v5000_firmware, Storwize_v7000_firmware, Storwize_v9000_firmware N/A
2018-05-17 CVE-2018-1463 IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368. San_volume_controller_firmware, Spectrum_virtualize, Spectrum_virtualize_for_public_cloud, Storwize_v3500_firmware, Storwize_v3700_firmware, Storwize_v5000_firmware, Storwize_v7000_firmware, Storwize_v9000_firmware N/A
2018-05-17 CVE-2018-1462 IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363. San_volume_controller_firmware, Spectrum_virtualize, Spectrum_virtualize_for_public_cloud, Storwize_v3500_firmware, Storwize_v3700_firmware, Storwize_v5000_firmware, Storwize_v7000_firmware, Storwize_v9000_firmware N/A
2018-05-17 CVE-2018-1461 IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362. San_volume_controller_firmware, Spectrum_virtualize, Spectrum_virtualize_for_public_cloud, Storwize_v3500_firmware, Storwize_v3700_firmware, Storwize_v5000_firmware, Storwize_v7000_firmware, Storwize_v9000_firmware N/A
2018-05-17 CVE-2018-1438 IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566. San_volume_controller_firmware, Spectrum_virtualize, Spectrum_virtualize_for_public_cloud, Storwize_v3500_firmware, Storwize_v3700_firmware, Storwize_v5000_firmware, Storwize_v7000_firmware, Storwize_v9000_firmware N/A
2018-05-17 CVE-2018-1434 IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474. San_volume_controller_firmware, Spectrum_virtualize, Spectrum_virtualize_for_public_cloud, Storwize_v3500_firmware, Storwize_v3700_firmware, Storwize_v5000_firmware, Storwize_v7000_firmware, Storwize_v9000_firmware N/A
2018-05-17 CVE-2018-1433 IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473. San_volume_controller_firmware, Spectrum_virtualize, Spectrum_virtualize_for_public_cloud, Storwize_v3500_firmware, Storwize_v3700_firmware, Storwize_v5000_firmware, Storwize_v7000_firmware, Storwize_v9000_firmware N/A
2018-05-17 CVE-2018-1465 IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396. San_volume_controller_firmware, Spectrum_virtualize, Spectrum_virtualize_for_public_cloud, Storwize_v3500_firmware, Storwize_v3700_firmware, Storwize_v5000_firmware, Storwize_v7000_firmware, Storwize_v9000_firmware N/A