CVE-2018-1822
CRITICAL
IBM FlashSystem 900 and 840 Firmware - Unauthenticated Authentication Bypass
Description
IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.
References (2)
Core References
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/150296
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=ibm10732962
Scores
CVSS v3
9.8
EPSS
0.0343
EPSS Percentile
87.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (2)
ibm/flashsystem_840_firmware
1.4
ibm/flashsystem_900_firmware
1.4
Published
Oct 18, 2018
Tracked Since
Feb 18, 2026