CVE-2018-1447


The GSKit CMS KDB logic in IBM Spectrum Protect 7.1 and 7.2 and in IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6 fails to salt the hash function, resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After the update, the customer should change the password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high-priority action. IBM X-Force ID: 139972.


Published

2018-04-04T18:29:02.293

Last Modified

2024-11-21T03:59:50.253

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

  • Type: Primary, CWE-916

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ibm | spectrum_protect_for_space_management | ≤ 7.1.8.1 | Yes |
| Application | ibm | spectrum_protect_for_space_management | ≤ 8.1.4.0 | Yes |
| Application | ibm | spectrum_protect_for_virtual_environments | ≤ 7.1.8.0 | Yes |
| Application | ibm | spectrum_protect_for_virtual_environments | ≤ 8.1.4.0 | Yes |
| Application | ibm | spectrum_protect_snapshot | ≤ 4.1.6.3 | Yes |
