CVE-2018-1461

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.

Published: May 17, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-1461
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
ibm / storwize_v7000_firmware	6.1.0.0	7.5.0.14
ibm / storwize_v7000_firmware	7.7.0.0	7.7.1.9
ibm / storwize_v7000_firmware	7.8.0.0	7.8.1.6
ibm / storwize_v7000_firmware	8.1.1.0	8.1.1.2
ibm / storwize_v7000_firmware	8.1.2.0	8.1.2.1
ibm / storwize_v5000_firmware	6.1.0.0	7.5.0.14
ibm / storwize_v5000_firmware	7.7.0.0	7.7.1.9
ibm / storwize_v5000_firmware	7.8.0.0	7.8.1.6
ibm / storwize_v5000_firmware	8.1.1.0	8.1.1.2
ibm / storwize_v5000_firmware	8.1.2.0	8.1.2.1
ibm / storwize_v3700_firmware	6.1.0.0	7.5.0.14
ibm / storwize_v3700_firmware	7.7.0.0	7.7.1.9
ibm / storwize_v3700_firmware	7.8.0.0	7.8.1.6
ibm / storwize_v3700_firmware	8.1.1.0	8.1.1.2
ibm / storwize_v3700_firmware	8.1.2.0	8.1.2.1
ibm / storwize_v3500_firmware	6.1.0.0	7.5.0.14
ibm / storwize_v3500_firmware	7.7.0.0	7.7.1.9
ibm / storwize_v3500_firmware	7.8.0.0	7.8.1.6
ibm / storwize_v3500_firmware	8.1.1.0	8.1.1.2
ibm / storwize_v3500_firmware	8.1.2.0	8.1.2.1
ibm / storwize_v9000_firmware	6.1.0.0	7.5.0.14
ibm / storwize_v9000_firmware	7.7.0.0	7.7.1.9
ibm / storwize_v9000_firmware	7.8.0.0	7.8.1.6
ibm / storwize_v9000_firmware	8.1.1.0	8.1.1.2
ibm / storwize_v9000_firmware	8.1.2.0	8.1.2.1
ibm / san_volume_controller_firmware	6.1.0.0	7.5.0.14
ibm / san_volume_controller_firmware	7.7.0.0	7.7.1.9
ibm / san_volume_controller_firmware	7.8.0.0	7.8.1.6
ibm / san_volume_controller_firmware	8.1.1.0	8.1.1.2
ibm / san_volume_controller_firmware	8.1.2.0	8.1.2.1
ibm / spectrum_virtualize	8.1.2.0	8.1.2.1
ibm / spectrum_virtualize	8.1.1.0	8.1.1.2
ibm / spectrum_virtualize	7.8.0.0	7.8.1.6
ibm / spectrum_virtualize	7.7.0.0	7.7.1.9
ibm / spectrum_virtualize	6.1.0.0	7.5.0.14
ibm / spectrum_virtualize_for_public_cloud	8.1.2.0	8.1.2.1
ibm / spectrum_virtualize_for_public_cloud	8.1.1.0	8.1.1.2
ibm / spectrum_virtualize_for_public_cloud	7.8.0.0	7.8.1.6
ibm / spectrum_virtualize_for_public_cloud	7.7.0.0	7.7.1.9
ibm / spectrum_virtualize_for_public_cloud	6.1.0.0	7.5.0.14

Vulnerability Database

289,599

CVE-2018-1461