Vulnerability CVE-2018-1822


Published: 2018-10-18

Description:
IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.

Type:
CWE-287 (Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
IBM -> Flashsystem 840 firmware
IBM -> Flashsystem 900 firmware

 References:
http://www.ibm.com/support/docview.wss?uid=ibm10732962
https://exchange.xforce.ibmcloud.com/vulnerabilities/150296

Copyright 2024, cxsecurity.com

 
