Vulnerability Details : CVE-2018-1822
IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.
Vulnerability category: BypassGain privilege
Products affected by CVE-2018-1822
- cpe:2.3:o:ibm:flashsystem_900_firmware:1.4:*:*:*:*:*:*:*When used together with: IBM » Flashsystem 900
- cpe:2.3:o:ibm:flashsystem_840_firmware:1.4:*:*:*:*:*:*:*When used together with: IBM » Flashsystem 840
Exploit prediction scoring system (EPSS) score for CVE-2018-1822
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 45 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1822
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
IBM Corporation |
CWE ids for CVE-2018-1822
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1822
-
http://www.ibm.com/support/docview.wss?uid=ibm10732962
IBM Security Bulletin: Vulnerability in the IBM FlashSystem models 840 and 900Patch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/150296
IBM FlashSystem security bypass CVE-2018-1822 Vulnerability ReportVDB Entry;Vendor Advisory
Jump to