First published: Thu May 17 2018(Updated: )
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Storwize Unified V7000 | >=6.1.0.0<7.5.0.14 | |
IBM Storwize Unified V7000 | >=7.7.0.0<7.7.1.9 | |
IBM Storwize Unified V7000 | >=7.8.0.0<7.8.1.6 | |
IBM Storwize Unified V7000 | >=8.1.1.0<8.1.1.2 | |
IBM Storwize Unified V7000 | >=8.1.2.0<8.1.2.1 | |
IBM Storwize Unified V7000 | ||
IBM Storwize V5000 | >=6.1.0.0<7.5.0.14 | |
IBM Storwize V5000 | >=7.7.0.0<7.7.1.9 | |
IBM Storwize V5000 | >=7.8.0.0<7.8.1.6 | |
IBM Storwize V5000 | >=8.1.1.0<8.1.1.2 | |
IBM Storwize V5000 | >=8.1.2.0<8.1.2.1 | |
IBM Storwize | ||
IBM Storwize V3700 Firmware | >=6.1.0.0<7.5.0.14 | |
IBM Storwize V3700 Firmware | >=7.7.0.0<7.7.1.9 | |
IBM Storwize V3700 Firmware | >=7.8.0.0<7.8.1.6 | |
IBM Storwize V3700 Firmware | >=8.1.1.0<8.1.1.2 | |
IBM Storwize V3700 Firmware | >=8.1.2.0<8.1.2.1 | |
IBM Storwize | ||
IBM Storwize V3500 Software | >=6.1.0.0<7.5.0.14 | |
IBM Storwize V3500 Software | >=7.7.0.0<7.7.1.9 | |
IBM Storwize V3500 Software | >=7.8.0.0<7.8.1.6 | |
IBM Storwize V3500 Software | >=8.1.1.0<8.1.1.2 | |
IBM Storwize V3500 Software | >=8.1.2.0<8.1.2.1 | |
IBM Storwize V3500 Software | ||
IBM Storwize V9000 | >=6.1.0.0<7.5.0.14 | |
IBM Storwize V9000 | >=7.7.0.0<7.7.1.9 | |
IBM Storwize V9000 | >=7.8.0.0<7.8.1.6 | |
IBM Storwize V9000 | >=8.1.1.0<8.1.1.2 | |
IBM Storwize V9000 | >=8.1.2.0<8.1.2.1 | |
IBM Storwize | ||
IBM SAN Volume Controller Firmware | >=6.1.0.0<7.5.0.14 | |
IBM SAN Volume Controller Firmware | >=7.7.0.0<7.7.1.9 | |
IBM SAN Volume Controller Firmware | >=7.8.0.0<7.8.1.6 | |
IBM SAN Volume Controller Firmware | >=8.1.1.0<8.1.1.2 | |
IBM SAN Volume Controller Firmware | >=8.1.2.0<8.1.2.1 | |
IBM SAN Volume Controller Firmware | ||
IBM Storage Virtualize | >=6.1.0.0<7.5.0.14 | |
IBM Storage Virtualize | >=7.7.0.0<7.7.1.9 | |
IBM Storage Virtualize | >=7.8.0.0<7.8.1.6 | |
IBM Storage Virtualize | >=8.1.1.0<8.1.1.2 | |
IBM Storage Virtualize | >=8.1.2.0<8.1.2.1 | |
IBM Spectrum Virtualize | >=6.1.0.0<7.5.0.14 | |
IBM Spectrum Virtualize | >=7.7.0.0<7.7.1.9 | |
IBM Spectrum Virtualize | >=7.8.0.0<7.8.1.6 | |
IBM Spectrum Virtualize | >=8.1.1.0<8.1.1.2 | |
IBM Spectrum Virtualize | >=8.1.2.0<8.1.2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-1434 has a medium severity rating, indicating that it poses a moderate risk to affected systems.
To fix CVE-2018-1434, users should update their IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize, or IBM FlashSystem products to the latest firmware version provided by IBM.
CVE-2018-1434 affects multiple versions of IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize, and IBM FlashSystem products, specifically versions ranging from 6.1 to 8.1.2.1.
CVE-2018-1434 is a cross-site request forgery (CSRF) vulnerability that could allow an attacker to perform unauthorized actions.
It is critical to address CVE-2018-1434 promptly, as failure to do so can result in unauthorized access and potential manipulation of the affected systems.