Описание
IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.
Ссылки
- PatchVendor Advisory
- VDB EntryVendor Advisory
- PatchVendor Advisory
- VDB EntryVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:ibm:flashsystem_900_firmware:1.4:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flashsystem_900:*:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:ibm:flashsystem_840_firmware:1.4:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flashsystem_840:*:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.0014
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.
EPSS
Процентиль: 34%
0.0014
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-287