8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
GSKit is an IBM component that is used by Host On-Demand. GSKit that is shipped with Host On-Demand contains security vulnerability. Host On-Demand has addressed it.
CVEID: CVE-2018-1447 DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139972for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Host On-Demand 13.0
Host On-Demand 12.0, 12.0.0.1, 12.0.1, 12.0.2, 12.0.3
Product
|
VRMF
|
Remediation
—|—|—
Host On-Demand
|
12.0
|
Upgrade to Host On-Demand 12.0.4
Host On-Demand
|
12.0.0.1
|
Upgrade to Host On-Demand 12.0.4
Host On-Demand
|
12.0.1
|
Upgrade to Host On-Demand 12.0.4
Host On-Demand
|
12.0.2
|
Upgrade to Host On-Demand 12.0.4
Host On-Demand
|
12.0.3
|
Upgrade to Host On-Demand 12.0.4
Host On-Demand
|
13.0
|
Upgrade to Host On-Demand 13.0.1
None
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N