Lucene search

K
cvelistIbmCVELIST:CVE-2018-1447
HistoryMar 29, 2018 - 12:00 a.m.

CVE-2018-1447

2018-03-2900:00:00
ibm
www.cve.org
1

5.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.2%

The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.

CNA Affected

[
  {
    "product": "Spectrum Protect",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.1"
      },
      {
        "status": "affected",
        "version": "8.1"
      }
    ]
  },
  {
    "product": "Spectrum Protect Snapshot",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "4.1.3"
      },
      {
        "status": "affected",
        "version": "4.1.4"
      },
      {
        "status": "affected",
        "version": "4.1.6"
      }
    ]
  },
  {
    "product": "Spectrum Protect for Virtual Environments",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.1"
      },
      {
        "status": "affected",
        "version": "8.1"
      }
    ]
  },
  {
    "product": "Spectrum Protect for Space Management",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.1"
      },
      {
        "status": "affected",
        "version": "8.1"
      }
    ]
  }
]

5.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.2%

Related for CVELIST:CVE-2018-1447