IBM4F33075E39D688CFD0C9322CB1B29F04A76D47F406392745F8F99E12622B1968Security Bulletin: IBM Spectrum Protect Server allows Triple DES (3DES) ciphers to be used (CVE-2018-1785)
0.002 Low
EPSS
Percentile
56.3%
Summary
IBM Spectrum Protect Server allows Triple DES (3DES) ciphers to be used. This can result in the use of weaker than expected cryptographic algorithms.
Vulnerability Details
CVEID:CVE-2018-1785
**DESCRIPTION:**IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148870 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Protect Server | 8.1.0.000-8.1.10.xxx |
| 7.1.0.000-7.1.11.xxx |
Remediation/Fixes
Spectrum Protect Server Release|First Fixing VRM Level|**APAR
**|Platform|Link to Fix
—|—|—|—|—
8.1| 8.1.11.000| IT33040| AIX
Linux
Windows| <https://www.ibm.com/support/pages/node/6368255>
7.1| 7.1.12.000| IT33040| AIX
HP-UX
Linux
Solaris
Windows| <https://www.ibm.com/support/pages/node/6368029>
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm spectrum protect | eq | 8.1 | |
| ibm spectrum protect | eq | 7.1 |
Related
0.002 Low
EPSS
Percentile
56.3%