CVSS3: 9.1 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | NONE |

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS2: 6.4 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:L/Au:N/C:P/I:P/A:N

IBM Security SiteProtector System has addressed the following vulnerabilities in GSKit.
CVEID: CVE-2018-1428
**DESCRIPTION:** IBM GSKit uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139073> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2018-1427
**DESCRIPTION:** IBM GSKit contains several environment variables that a local attacker could overflow and cause a denial of service.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139072> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-1426
**DESCRIPTION:** IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded, which could result in duplicate Session IDs and a risk of duplicate key material.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139071> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
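
The failure mode behind CVE-2018-1426, shown as an added example that is not IBM's code or part of the original bulletin: a generator seeded before fork() gives parent and child the same next output unless it detects the fork and reseeds. The xorshift64 generator, the seed value and all function names are constructed for illustration and are not GSKit or ICC internals.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy xorshift64 PRNG standing in for library state; not GSKit/ICC code. */
struct prng { uint64_t state; pid_t owner; };

static uint64_t prng_next(struct prng *g) {   /* fork-unaware output step */
    g->state ^= g->state << 13;
    g->state ^= g->state >> 7;
    g->state ^= g->state << 17;
    return g->state;
}

/* Fork-aware step: if the PID changed since seeding, mix in the new PID and
   OS entropy first. PID checks miss PID reuse; pthread_atfork also works. */
static uint64_t prng_next_fork_safe(struct prng *g) {
    if (getpid() != g->owner) {
        uint64_t fresh = 0;
        FILE *f = fopen("/dev/urandom", "rb");
        if (f) { if (fread(&fresh, sizeof fresh, 1, f) != 1) fresh = 0; fclose(f); }
        g->owner = getpid();
        g->state ^= fresh ^ ((uint64_t)g->owner * 0x9E3779B97F4A7C15ULL);
        if (g->state == 0) g->state = 1;     /* xorshift state must be non-zero */
    }
    return prng_next(g);
}

/* Seed before fork(), then draw one "session ID" in parent and in child.
   Returns 1 if the IDs collide, 0 if they differ, -1 on error. */
static int session_ids_collide(uint64_t (*next)(struct prng *)) {
    struct prng g = { 0x5EEDC0DEULL, getpid() };   /* constructed seed */
    uint64_t child_id = 0, parent_id;
    int fd[2];
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                      /* child holds a copy of g */
        child_id = next(&g);
        _exit(write(fd[1], &child_id, sizeof child_id) == (ssize_t)sizeof child_id ? 0 : 1);
    }
    close(fd[1]);
    parent_id = next(&g);
    ssize_t n = read(fd[0], &child_id, sizeof child_id);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return n == (ssize_t)sizeof child_id ? parent_id == child_id : -1;
}
```
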
CVEID: CVE-2018-1447
**DESCRIPTION:** The GSKit CMS KDB logic fails to salt the hash function, resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After updating, the customer should change the password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high-priority action.
CVSS Base Score: 5.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139972> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected IBM Security SiteProtector System | Affected Versions |
---|---|
IBM Security SiteProtector System | 3.0.0 |
IBM Security SiteProtector System | 3.1.1 |
Product | VRMF | Remediation/First Fix |
---|---|---|
IBM Security SiteProtector System | 3.1.1.16 | Apply the appropriate eXPress Updates (XPUs) as identified in the SiteProtector Console Agent view: ServicePack3_1_1_16.xpu, AgentManager_WINNT_XXX_ST_3_1_1_52.xpu, RSEvntCol_WINNT_XXX_ST_3_1_1_10.xpu, DB_SP_3_1_1_65.xpu, UpdateServer_3_1_1_11.pkg, MU_3_1_1_8.xpu, ManualUpgrader_3_1_1_8.exe, CertificateManagerTools_3_1_1_6.exe, EventArchiver_3_1_1_7.pkg, EventArchiverImporter_3_1_1_7.exe, Console-Setup.exe |
IBM Security SiteProtector System | 3.0.0.19 | Apply the appropriate eXPress Updates (XPUs) as identified in the SiteProtector Console Agent view: ServicePack3_0_0_19.xpu, AgentManager_WINNT_XXX_ST_3_0_0_83.xpu, RSEvntCol_WINNT_XXX_ST_3_0_0_16.xpu, DB_SP_3_0_0_82.xpu, UpdateServer_3_1_1_11.pkg, MU_3_1_1_8.xpu, ManualUpgrader_3_1_1_8.exe, CertificateManagerTools_3_1_1_6.exe, EventArchiver_3_1_1_7.pkg, EventArchiverImporter_3_1_1_7.exe, Console-Setup.exe |

Alternatively, the packages can be manually obtained from the IBM Security License Key and Download Center using the following URL:
<https://ibmss.flexnetoperations.com/service/ibms/login>
None
CPE Name | Operator | Version |
---|---|---|
ibm security siteprotector system | eq | any |