There is a vulnerability to which the FlashSystem™ V840 is susceptible. An exploit of this vulnerability could make the system subject to an attack where an unauthenticated user could download arbitrary files form the operating system.
CVEID: CVE-2018-1775 DESCRIPTION: IBM SAN Volume Controller and Storwize Family could allow an authenticated user to download arbitrary files from the operating system.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148757> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
FlashSystem 900 MTMs affected include 9840-AE2 and 9843-AE2. FlashSystem 840 MTMs affected include 9840-AE1 and 9843-AE1.
Supported code versions which are affected:
Supported controller node code versions which are affected
MTMs | VRMF | APAR | Remediation/First Fix |
---|
Storage nodes:
9846-AE1 & 9848-AE1
Controller nodes:
9846-AC0, 9846-AC1, 9848-AC0, & 9848-AC1
|
Code fixes are now available, the minimum VRMF containing the fix depending on the code stream:
Fixed Code VRMF
1.6 stream: 1.6.0.0
1.5 stream: 1.5.2.5
1.4 stream: 1.4.8.2
Controller Node VRMF
8.2 stream: 8.2.0.0
8.1 stream: 8.1.3.3
7.8 stream: 7.8.1.8
| N/A | FlashSystem V840 fixes for storage node are available @ IBM’s Fix Central
None.
CPE | Name | Operator | Version |
---|---|---|---|
ibm flashsystem software | eq | any |