CVE-2018-1461
Published: May 17, 2018
Modified: Sep 16, 2024
Description
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.
| Vendor | Product | Versions |
|---|---|---|
IBM | Spectrum Virtualize Software | affected 7.5affected 7.6affected 7.6.1affected 7.7affected 7.7.1+12 more versions |
IBM | Storwize V5000 | affected 7.1affected 7.5affected 7.6affected 7.6.1affected 7.7+12 more versions |
IBM | Storwize V3500 | affected 6.4affected 7.1affected 7.5affected 7.6affected 7.6.1+12 more versions |
IBM | Storwize V7000 (2076) | affected 6.1affected 6.2affected 6.3affected 6.4affected 7.1+13 more versions |
IBM | Storwize V3700 | affected 7.1affected 6.4affected 7.5affected 7.6affected 7.6.1+12 more versions |
IBM | FlashSystem V9000 | affected 7.5affected 7.6affected 7.6.1affected 7.7affected 7.7.1+12 more versions |
IBM | SAN Volume Controller | affected 6.1affected 6.2affected 6.3affected 6.4affected 7.1+8 more versions |
IBM | Spectrum Virtualize for Public Cloud | affected 7.5affected 7.6affected 7.6.1affected 7.7affected 7.7.1+12 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now