CVE-2018-1822 Information

Description

IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.ibm.com/support/docview.wss?uid=ibm10732962
https://exchange.xforce.ibmcloud.com/vulnerabilities/150296

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.8

Base Severity

CRITICAL
