QwikSec

Security Database

CVE

CWE

Training

CVE-2018-1433

Published: May 17, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

ibm-storwize-cve20181433-file-download(139473)

vdb-entry

x_refsource_XF

http://www.ibm.com/support/docview.wss?uid=ssg1S1012282

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://www.ibm.com/support/docview.wss?uid=ssg1S1012263

x_refsource_CONFIRM

http://www.ibm.com/support/docview.wss?uid=ssg1S1012283

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.