VYPR
← All advisories
Unrated severityNVD Advisory· Published May 17, 2018· Updated Sep 16, 2024

CVE-2018-1464

CVE-2018-1464

Description

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM SAN Volume Controller and related products allow authenticated users to access sensitive information they are not authorized to read.

Vulnerability

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize, and IBM FlashSystem products (versions 6.1 through 8.1.1) contain an authorization vulnerability that allows an authenticated user to obtain sensitive information they should not have access to. The specific endpoint or mechanism is not disclosed in the available references.

Exploitation

An attacker must have valid authentication credentials to the affected system. With authenticated access, the attacker can exploit this vulnerability to read sensitive information that is normally restricted. No further details on the exploitation steps are available in the public references.

Impact

Successful exploitation leads to unauthorized disclosure of sensitive information, compromising confidentiality. The attacker does not gain write or execute access, only read access to information they are not authorized to see.

Mitigation

Not yet disclosed in the available references.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

11
  • IBM/Spectrum Virtualizellm-fuzzy
    Range: 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, 8.1.1
  • IBM/Storwizellm-fuzzy
    Range: 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, 8.1.1
  • IBM/San Volume Controllerllm-fuzzy2 versions
    6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, 8.1.1+ 1 more
    • (no CPE)range: 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, 8.1.1
    • (no CPE)range: 6.1
  • IBM/Flashsystem V9000 Firmwarecpe-rescue
    Range: 7.5
  • IBM/Spectrum Virtualize for Public Cloudv5
    Range: 7.5
  • IBM/Spectrum Virtualize Softwarev5
    Range: 7.5
  • IBM/Storwize V3500cpe-rescue
    Range: 6.4
  • IBM/Storwize V3700cpe-rescue
    Range: 7.1
  • IBM/Storwize V5000cpe-rescue
    Range: 7.1
  • IBM/Storwize V7000cpe-rescue
    Range: 6.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.