mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
88 lines
2.6 KiB
JSON
88 lines
2.6 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "psirt@us.ibm.com",
|
|
"DATE_PUBLIC": "2018-10-02T00:00:00",
|
|
"ID": "CVE-2018-1822",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "FlashSystem 900",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": " "
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "IBM"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296."
|
|
}
|
|
]
|
|
},
|
|
"impact": {
|
|
"cvssv3": {
|
|
"BM": {
|
|
"A": "H",
|
|
"AC": "L",
|
|
"AV": "N",
|
|
"C": "H",
|
|
"I": "H",
|
|
"PR": "N",
|
|
"S": "U",
|
|
"SCORE": "9.800",
|
|
"UI": "N"
|
|
},
|
|
"TM": {
|
|
"E": "U",
|
|
"RC": "C",
|
|
"RL": "O"
|
|
}
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Bypass Security"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "ibm-flashsystem-cve20181822-sec-bypass(150296)",
|
|
"refsource": "XF",
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150296"
|
|
},
|
|
{
|
|
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10732962",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10732962"
|
|
}
|
|
]
|
|
}
|
|
} |