VYPR
← All advisories
Unrated severityNVD Advisory· Published May 17, 2018· Updated Sep 17, 2024

CVE-2018-1462

CVE-2018-1462

Description

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated users can access, delete, or cause DoS via improper file access in IBM storage products versions 6.1-8.1.1.

Vulnerability

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize, and IBM FlashSystem products (versions 6.1 through 8.1.1) contain a vulnerability that allows an authenticated user to access system files they should not have access to, including deleting files or causing a denial of service [1]. The issue is present in the product's management interface.

Exploitation

An attacker must have authenticated access to the affected product's management interface. With valid credentials, the attacker can send specially crafted requests to access, modify, or delete system files, potentially leading to a denial of service [1].

Impact

Successful exploitation allows the attacker to read, modify, or delete arbitrary system files, compromising the confidentiality and integrity of the system, and potentially causing a denial of service [1]. No privilege escalation is required beyond the authenticated user role.

Mitigation

IBM has not released a specific fix for CVE-2018-1462 as of the publication date. Users should apply the latest firmware updates from IBM and refer to the security bulletins for general mitigations [1].

References
  1. Security Bulletin: Multiple vulnerabilities in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

11
  • IBM/Spectrum Virtualizellm-fuzzy
    Range: 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, 8.1.1
  • IBM/Storwizellm-fuzzy
    Range: 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, 8.1.1
  • IBM/San Volume Controllerllm-fuzzy2 versions
    6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, 8.1.1+ 1 more
    • (no CPE)range: 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, 8.1.1
    • (no CPE)range: 6.1
  • IBM/Flashsystem V9000 Firmwarecpe-rescue
    Range: 7.5
  • IBM/Spectrum Virtualize for Public Cloudv5
    Range: 7.5
  • IBM/Spectrum Virtualize Softwarev5
    Range: 7.5
  • IBM/Storwize V3500cpe-rescue
    Range: 6.4
  • IBM/Storwize V3700cpe-rescue
    Range: 7.1
  • IBM/Storwize V5000cpe-rescue
    Range: 7.1
  • IBM/Storwize V7000cpe-rescue
    Range: 6.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.