CVE-2018-1461: XSS
First published: Thu May 17 2018(Updated: )
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Storwize V7000 Firmware | >=6.1.0.0<7.5.0.14 | |
| Ibm Storwize V7000 Firmware | >=7.7.0.0<7.7.1.9 | |
| Ibm Storwize V7000 Firmware | >=7.8.0.0<7.8.1.6 | |
| Ibm Storwize V7000 Firmware | >=8.1.1.0<8.1.1.2 | |
| Ibm Storwize V7000 Firmware | >=8.1.2.0<8.1.2.1 | |
| IBM Storwize V7000 | ||
| Ibm Storwize V5000 Firmware | >=6.1.0.0<7.5.0.14 | |
| Ibm Storwize V5000 Firmware | >=7.7.0.0<7.7.1.9 | |
| Ibm Storwize V5000 Firmware | >=7.8.0.0<7.8.1.6 | |
| Ibm Storwize V5000 Firmware | >=8.1.1.0<8.1.1.2 | |
| Ibm Storwize V5000 Firmware | >=8.1.2.0<8.1.2.1 | |
| Ibm Storwize V5000 | ||
| Ibm Storwize V3700 Firmware | >=6.1.0.0<7.5.0.14 | |
| Ibm Storwize V3700 Firmware | >=7.7.0.0<7.7.1.9 | |
| Ibm Storwize V3700 Firmware | >=7.8.0.0<7.8.1.6 | |
| Ibm Storwize V3700 Firmware | >=8.1.1.0<8.1.1.2 | |
| Ibm Storwize V3700 Firmware | >=8.1.2.0<8.1.2.1 | |
| Ibm Storwize V3700 | ||
| Ibm Storwize V3500 Firmware | >=6.1.0.0<7.5.0.14 | |
| Ibm Storwize V3500 Firmware | >=7.7.0.0<7.7.1.9 | |
| Ibm Storwize V3500 Firmware | >=7.8.0.0<7.8.1.6 | |
| Ibm Storwize V3500 Firmware | >=8.1.1.0<8.1.1.2 | |
| Ibm Storwize V3500 Firmware | >=8.1.2.0<8.1.2.1 | |
| Ibm Storwize V3500 | ||
| Ibm Storwize V9000 Firmware | >=6.1.0.0<7.5.0.14 | |
| Ibm Storwize V9000 Firmware | >=7.7.0.0<7.7.1.9 | |
| Ibm Storwize V9000 Firmware | >=7.8.0.0<7.8.1.6 | |
| Ibm Storwize V9000 Firmware | >=8.1.1.0<8.1.1.2 | |
| Ibm Storwize V9000 Firmware | >=8.1.2.0<8.1.2.1 | |
| Ibm Storwize V9000 | ||
| Ibm San Volume Controller Firmware | >=6.1.0.0<7.5.0.14 | |
| Ibm San Volume Controller Firmware | >=7.7.0.0<7.7.1.9 | |
| Ibm San Volume Controller Firmware | >=7.8.0.0<7.8.1.6 | |
| Ibm San Volume Controller Firmware | >=8.1.1.0<8.1.1.2 | |
| Ibm San Volume Controller Firmware | >=8.1.2.0<8.1.2.1 | |
| IBM SAN Volume Controller | ||
| IBM Spectrum Virtualize | >=6.1.0.0<7.5.0.14 | |
| IBM Spectrum Virtualize | >=7.7.0.0<7.7.1.9 | |
| IBM Spectrum Virtualize | >=7.8.0.0<7.8.1.6 | |
| IBM Spectrum Virtualize | >=8.1.1.0<8.1.1.2 | |
| IBM Spectrum Virtualize | >=8.1.2.0<8.1.2.1 | |
| Ibm Spectrum Virtualize For Public Cloud | >=6.1.0.0<7.5.0.14 | |
| Ibm Spectrum Virtualize For Public Cloud | >=7.7.0.0<7.7.1.9 | |
| Ibm Spectrum Virtualize For Public Cloud | >=7.8.0.0<7.8.1.6 | |
| Ibm Spectrum Virtualize For Public Cloud | >=8.1.1.0<8.1.1.2 | |
| Ibm Spectrum Virtualize For Public Cloud | >=8.1.2.0<8.1.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/author
- vendor/ibm
- canonical/ibm storwize v7000 firmware
- version/ibm storwize v7000 firmware/6.1.0.0
- version/ibm storwize v7000 firmware/7.7.0.0
- version/ibm storwize v7000 firmware/7.8.0.0
- version/ibm storwize v7000 firmware/8.1.1.0
- version/ibm storwize v7000 firmware/8.1.2.0
- canonical/ibm storwize v7000
- canonical/ibm storwize v5000 firmware
- version/ibm storwize v5000 firmware/6.1.0.0
- version/ibm storwize v5000 firmware/7.7.0.0
- version/ibm storwize v5000 firmware/7.8.0.0
- version/ibm storwize v5000 firmware/8.1.1.0
- version/ibm storwize v5000 firmware/8.1.2.0
- canonical/ibm storwize v5000
- canonical/ibm storwize v3700 firmware
- version/ibm storwize v3700 firmware/6.1.0.0
- version/ibm storwize v3700 firmware/7.7.0.0
- version/ibm storwize v3700 firmware/7.8.0.0
- version/ibm storwize v3700 firmware/8.1.1.0
- version/ibm storwize v3700 firmware/8.1.2.0
- canonical/ibm storwize v3700
- canonical/ibm storwize v3500 firmware
- version/ibm storwize v3500 firmware/6.1.0.0
- version/ibm storwize v3500 firmware/7.7.0.0
- version/ibm storwize v3500 firmware/7.8.0.0
- version/ibm storwize v3500 firmware/8.1.1.0
- version/ibm storwize v3500 firmware/8.1.2.0
- canonical/ibm storwize v3500
- canonical/ibm storwize v9000 firmware
- version/ibm storwize v9000 firmware/6.1.0.0
- version/ibm storwize v9000 firmware/7.7.0.0
- version/ibm storwize v9000 firmware/7.8.0.0
- version/ibm storwize v9000 firmware/8.1.1.0
- version/ibm storwize v9000 firmware/8.1.2.0
- canonical/ibm storwize v9000
- canonical/ibm san volume controller firmware
- version/ibm san volume controller firmware/6.1.0.0
- version/ibm san volume controller firmware/7.7.0.0
- version/ibm san volume controller firmware/7.8.0.0
- version/ibm san volume controller firmware/8.1.1.0
- version/ibm san volume controller firmware/8.1.2.0
- canonical/ibm san volume controller
- canonical/ibm spectrum virtualize
- version/ibm spectrum virtualize/6.1.0.0
- version/ibm spectrum virtualize/7.7.0.0
- version/ibm spectrum virtualize/7.8.0.0
- version/ibm spectrum virtualize/8.1.1.0
- version/ibm spectrum virtualize/8.1.2.0
- canonical/ibm spectrum virtualize for public cloud
- version/ibm spectrum virtualize for public cloud/6.1.0.0
- version/ibm spectrum virtualize for public cloud/7.7.0.0
- version/ibm spectrum virtualize for public cloud/7.8.0.0
- version/ibm spectrum virtualize for public cloud/8.1.1.0
- version/ibm spectrum virtualize for public cloud/8.1.2.0