IBM338A22C63DE57163FD970F940DCB41A3DA44B202005C98E9C9CD4D9596F72C6ASecurity Bulletin: IBM Spectrum Copy Data Management uses weaker than expected cryptographic algorithms
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
42.8%
Summary
IBM SCDM allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
Vulnerability Details
CVEID:CVE-2023-38730
**DESCRIPTION:**IBM Storage Copy Data Management uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262268 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Copy Data Management | 2.2.0.0 - 2.2.19.0 |
Remediation/Fixes
Affected Versions|**Fixing
**Level|Platform|**Link to Fix and Instructions
**
—|—|—|—
2.2.0.0 - 2.2.19.0| 2.2.20.0| Linux| <https://www.ibm.com/support/pages/node/6988949>
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | spectrum_copy_data_management | 2.2 | cpe:2.3:a:ibm:spectrum_copy_data_management:2.2:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
42.8%