Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1466

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.

Published

2018-05-17T21:29:00.713

Last Modified

2024-11-21T03:59:52.847

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-326

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	ibm	storwize_v7000_firmware	< 7.5.0.14	Yes
Operating System	ibm	storwize_v7000_firmware	< 7.7.1.9	Yes
Operating System	ibm	storwize_v7000_firmware	< 7.8.1.6	Yes
Operating System	ibm	storwize_v7000_firmware	< 8.1.1.2	Yes
Operating System	ibm	storwize_v7000_firmware	< 8.1.2.1	Yes
Hardware	ibm	storwize_v7000	-	No
Operating System	ibm	storwize_v5000_firmware	< 7.5.0.14	Yes
Operating System	ibm	storwize_v5000_firmware	< 7.7.1.9	Yes
Operating System	ibm	storwize_v5000_firmware	< 7.8.1.6	Yes
Operating System	ibm	storwize_v5000_firmware	< 8.1.1.2	Yes
Operating System	ibm	storwize_v5000_firmware	< 8.1.2.1	Yes
Hardware	ibm	storwize_v5000	-	No
Operating System	ibm	storwize_v3700_firmware	< 7.5.0.14	Yes
Operating System	ibm	storwize_v3700_firmware	< 7.7.1.9	Yes
Operating System	ibm	storwize_v3700_firmware	< 7.8.1.6	Yes
Operating System	ibm	storwize_v3700_firmware	< 8.1.1.2	Yes
Operating System	ibm	storwize_v3700_firmware	< 8.1.2.1	Yes
Hardware	ibm	storwize_v3700	-	No
Operating System	ibm	storwize_v3500_firmware	< 7.5.0.14	Yes
Operating System	ibm	storwize_v3500_firmware	< 7.7.1.9	Yes
Operating System	ibm	storwize_v3500_firmware	< 7.8.1.6	Yes
Operating System	ibm	storwize_v3500_firmware	< 8.1.1.2	Yes
Operating System	ibm	storwize_v3500_firmware	< 8.1.2.1	Yes
Hardware	ibm	storwize_v3500	-	No
Operating System	ibm	storwize_v9000_firmware	< 7.5.0.14	Yes
Operating System	ibm	storwize_v9000_firmware	< 7.7.1.9	Yes
Operating System	ibm	storwize_v9000_firmware	< 7.8.1.6	Yes
Operating System	ibm	storwize_v9000_firmware	< 8.1.1.2	Yes
Operating System	ibm	storwize_v9000_firmware	< 8.1.2.1	Yes
Hardware	ibm	storwize_v9000	-	No
Operating System	ibm	san_volume_controller_firmware	< 7.5.0.14	Yes
Operating System	ibm	san_volume_controller_firmware	< 7.7.1.9	Yes
Operating System	ibm	san_volume_controller_firmware	< 7.8.1.6	Yes
Operating System	ibm	san_volume_controller_firmware	< 8.1.1.2	Yes
Operating System	ibm	san_volume_controller_firmware	< 8.1.2.1	Yes
Hardware	ibm	san_volume_controller	-	No
Application	ibm	spectrum_virtualize	< 7.5.0.14	Yes
Application	ibm	spectrum_virtualize	< 7.7.1.9	Yes
Application	ibm	spectrum_virtualize	< 7.8.1.6	Yes
Application	ibm	spectrum_virtualize	< 8.1.1.2	Yes
Application	ibm	spectrum_virtualize	< 8.1.2.1	Yes
Application	ibm	spectrum_virtualize_for_public_cloud	< 7.5.0.14	Yes
Application	ibm	spectrum_virtualize_for_public_cloud	< 7.7.1.9	Yes
Application	ibm	spectrum_virtualize_for_public_cloud	< 7.8.1.6	Yes
Application	ibm	spectrum_virtualize_for_public_cloud	< 8.1.1.2	Yes
Application	ibm	spectrum_virtualize_for_public_cloud	< 8.1.2.1	Yes

References

http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 Vendor Advisory ([email protected])
http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 Vendor Advisory ([email protected])
http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/104349 Third Party Advisory, VDB Entry ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/140397 VDB Entry, Vendor Advisory ([email protected])
http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/104349 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/140397 VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)