CVE-2018-1822

IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ibmCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/A:H/AC:L/AV:N/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
ibmflashsystem_900_firmware
1.4
ibmflashsystem_840_firmware
1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=ibm10732962
https://exchange.xforce.ibmcloud.com/vulnerabilities/150296
http://www.ibm.com/support/docview.wss?uid=ibm10732962
https://exchange.xforce.ibmcloud.com/vulnerabilities/150296