What is the severity of CVE-2018-1461?

The severity of CVE-2018-1461 is categorized as high due to the potential for cross-site scripting attacks.

How do I fix CVE-2018-1461?

To fix CVE-2018-1461, it is recommended to apply the latest firmware updates provided by IBM for the affected systems.

What type of vulnerability is CVE-2018-1461?

CVE-2018-1461 is a cross-site scripting vulnerability that allows an attacker to inject arbitrary JavaScript code into web applications.

What are the consequences of CVE-2018-1461?

The consequences of CVE-2018-1461 include the potential for attackers to hijack user sessions, display fake content, or redirect users to malicious sites.

Vulnerability/
CVE-2018-1461

medium

5.4

CWE

17/5/2018

19/8/2020

CVE-2018-1461: XSS

Q: Which IBM products are affected by CVE-2018-1461?

CVE-2018-1461 affects various versions of IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize, and IBM FlashSystem products.

First published: Thu May 17 2018(Updated: )

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Storwize V7000 Firmware	>=6.1.0.0<7.5.0.14
IBM Storwize V7000 Firmware	>=7.7.0.0<7.7.1.9
IBM Storwize V7000 Firmware	>=7.8.0.0<7.8.1.6
IBM Storwize V7000 Firmware	>=8.1.1.0<8.1.1.2
IBM Storwize V7000 Firmware	>=8.1.2.0<8.1.2.1
IBM Storwize V7000 Firmware
IBM Storwize V5000	>=6.1.0.0<7.5.0.14
IBM Storwize V5000	>=7.7.0.0<7.7.1.9
IBM Storwize V5000	>=7.8.0.0<7.8.1.6
IBM Storwize V5000	>=8.1.1.0<8.1.1.2
IBM Storwize V5000	>=8.1.2.0<8.1.2.1
IBM Storwize V5000 software
IBM Storwize V3700 Firmware	>=6.1.0.0<7.5.0.14
IBM Storwize V3700 Firmware	>=7.7.0.0<7.7.1.9
IBM Storwize V3700 Firmware	>=7.8.0.0<7.8.1.6
IBM Storwize V3700 Firmware	>=8.1.1.0<8.1.1.2
IBM Storwize V3700 Firmware	>=8.1.2.0<8.1.2.1
IBM Storwize V3700 software
IBM Storwize V3500	>=6.1.0.0<7.5.0.14
IBM Storwize V3500	>=7.7.0.0<7.7.1.9
IBM Storwize V3500	>=7.8.0.0<7.8.1.6
IBM Storwize V3500	>=8.1.1.0<8.1.1.2
IBM Storwize V3500	>=8.1.2.0<8.1.2.1
IBM Storwize V3500 Firmware
IBM Storwize V9000	>=6.1.0.0<7.5.0.14
IBM Storwize V9000	>=7.7.0.0<7.7.1.9
IBM Storwize V9000	>=7.8.0.0<7.8.1.6
IBM Storwize V9000	>=8.1.1.0<8.1.1.2
IBM Storwize V9000	>=8.1.2.0<8.1.2.1
IBM Storwize V9000
IBM SAN Volume Controller Firmware	>=6.1.0.0<7.5.0.14
IBM SAN Volume Controller Firmware	>=7.7.0.0<7.7.1.9
IBM SAN Volume Controller Firmware	>=7.8.0.0<7.8.1.6
IBM SAN Volume Controller Firmware	>=8.1.1.0<8.1.1.2
IBM SAN Volume Controller Firmware	>=8.1.2.0<8.1.2.1
IBM SAN Volume Controller Firmware
IBM Spectrum Virtualize	>=6.1.0.0<7.5.0.14
IBM Spectrum Virtualize	>=7.7.0.0<7.7.1.9
IBM Spectrum Virtualize	>=7.8.0.0<7.8.1.6
IBM Spectrum Virtualize	>=8.1.1.0<8.1.1.2
IBM Spectrum Virtualize	>=8.1.2.0<8.1.2.1
IBM Spectrum Virtualize software For public cloud	>=6.1.0.0<7.5.0.14
IBM Spectrum Virtualize software For public cloud	>=7.7.0.0<7.7.1.9
IBM Spectrum Virtualize software For public cloud	>=7.8.0.0<7.8.1.6
IBM Spectrum Virtualize software For public cloud	>=8.1.1.0<8.1.1.2
IBM Spectrum Virtualize software For public cloud	>=8.1.2.0<8.1.2.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-1461?
The severity of CVE-2018-1461 is categorized as high due to the potential for cross-site scripting attacks.
How do I fix CVE-2018-1461?
To fix CVE-2018-1461, it is recommended to apply the latest firmware updates provided by IBM for the affected systems.
Which IBM products are affected by CVE-2018-1461?
CVE-2018-1461 affects various versions of IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize, and IBM FlashSystem products.
What type of vulnerability is CVE-2018-1461?
CVE-2018-1461 is a cross-site scripting vulnerability that allows an attacker to inject arbitrary JavaScript code into web applications.
What are the consequences of CVE-2018-1461?
The consequences of CVE-2018-1461 include the potential for attackers to hijack user sessions, display fake content, or redirect users to malicious sites.

agent/type
agent/last-modified-date
agent/first-publish-date
agent/severity
agent/weakness
agent/references
agent/author
agent/tags
agent/softwarecombine
agent/description
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm storwize v7000 firmware
version/ibm storwize v7000 firmware/6.1.0.0
version/ibm storwize v7000 firmware/7.7.0.0
version/ibm storwize v7000 firmware/7.8.0.0
version/ibm storwize v7000 firmware/8.1.1.0
version/ibm storwize v7000 firmware/8.1.2.0
canonical/ibm storwize v5000
version/ibm storwize v5000/6.1.0.0
version/ibm storwize v5000/7.7.0.0
version/ibm storwize v5000/7.8.0.0
version/ibm storwize v5000/8.1.1.0
version/ibm storwize v5000/8.1.2.0
canonical/ibm storwize v5000 software
canonical/ibm storwize v3700 firmware
version/ibm storwize v3700 firmware/6.1.0.0
version/ibm storwize v3700 firmware/7.7.0.0
version/ibm storwize v3700 firmware/7.8.0.0
version/ibm storwize v3700 firmware/8.1.1.0
version/ibm storwize v3700 firmware/8.1.2.0
canonical/ibm storwize v3700 software
canonical/ibm storwize v3500
version/ibm storwize v3500/6.1.0.0
version/ibm storwize v3500/7.7.0.0
version/ibm storwize v3500/7.8.0.0
version/ibm storwize v3500/8.1.1.0
version/ibm storwize v3500/8.1.2.0
canonical/ibm storwize v3500 firmware
canonical/ibm storwize v9000
version/ibm storwize v9000/6.1.0.0
version/ibm storwize v9000/7.7.0.0
version/ibm storwize v9000/7.8.0.0
version/ibm storwize v9000/8.1.1.0
version/ibm storwize v9000/8.1.2.0
canonical/ibm san volume controller firmware
version/ibm san volume controller firmware/6.1.0.0
version/ibm san volume controller firmware/7.7.0.0
version/ibm san volume controller firmware/7.8.0.0
version/ibm san volume controller firmware/8.1.1.0
version/ibm san volume controller firmware/8.1.2.0
canonical/ibm spectrum virtualize
version/ibm spectrum virtualize/6.1.0.0
version/ibm spectrum virtualize/7.7.0.0
version/ibm spectrum virtualize/7.8.0.0
version/ibm spectrum virtualize/8.1.1.0
version/ibm spectrum virtualize/8.1.2.0
canonical/ibm spectrum virtualize software for public cloud
version/ibm spectrum virtualize software for public cloud/6.1.0.0
version/ibm spectrum virtualize software for public cloud/7.7.0.0
version/ibm spectrum virtualize software for public cloud/7.8.0.0
version/ibm spectrum virtualize software for public cloud/8.1.1.0
version/ibm spectrum virtualize software for public cloud/8.1.2.0

CVE-2018-1461: XSS

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-1461?

How do I fix CVE-2018-1461?

Which IBM products are affected by CVE-2018-1461?

What type of vulnerability is CVE-2018-1461?

What are the consequences of CVE-2018-1461?

Company

Resources

Contact