CVE-2018-1434
Description
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM storage products are vulnerable to CSRF, allowing an attacker to execute unauthorized actions via a trusted user's session.
Vulnerability
Cross-site request forgery (CSRF) vulnerability in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize, and IBM FlashSystem products. Affected versions include 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 [1][2][3]. The flaw allows an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Exploitation
An unauthenticated attacker can exploit this vulnerability by crafting a malicious request and persuading a logged-in user (via social engineering) to visit a specially crafted page or link. No authentication is required on the attacker's part. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) indicates network access, low complexity, user interaction required, and high integrity impact [1].
Impact
Successful exploitation allows the attacker to perform unauthorized actions on the affected system with the privileges of the authenticated user, leading to a high integrity impact. No confidentiality or availability impact is expected.
Mitigation
IBM has released security fixes for this vulnerability. Customers are advised to apply the latest updates available from IBM. Refer to the security bulletins [1][2][3] for specific version information and download links. As a workaround, users should avoid clicking untrusted links and ensure proper CSRF protections are enabled.
- Security Bulletin: Multiple vulnerabilities in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
- Security Bulletin: Multiple vulnerabilities affect the IBM FlashSystem model V840
- Security Bulletin: Multiple vulnerabilities affect the IBM FlashSystem models 840 and 900
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
11 entries
- Range: 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, 8.1.1
- (no CPE) Range: 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, 8.1.1
- (no CPE) Range: 6.1
- Range: 7.5
- IBM/Spectrum Virtualize for Public Cloud (v5) Range: 7.5
- IBM/Spectrum Virtualize Software (v5) Range: 7.5
- Range: 6.4
- Range: 7.1
- Range: 7.1
- Range: 6.1
Patches
No patches discovered yet.
References
5 entries
- www.ibm.com/support/docview.wss (mitre; x_refsource_CONFIRM)
- www.ibm.com/support/docview.wss (mitre; x_refsource_CONFIRM)
- www.ibm.com/support/docview.wss (mitre; x_refsource_CONFIRM)
- www.securityfocus.com/bid/104349 (mitre; vdb-entry, x_refsource_BID)
- exchange.xforce.ibmcloud.com/vulnerabilities/139474 (mitre; vdb-entry, x_refsource_XF)