3 matches found
Security Bulletin: Arcfour vulnerability issue in IBM Storwize V7000 Unified
Summary IBM Storwize V7000 Unified was shipped with Arcfour which uses weak client-to-server encryption algorithms, for which fix is available. Vulnerability Details CVEID: CVE-2017-1375 DESCRIPTION: IBM System Storage Storwize V7000 Unified V7000U uses weaker than expected cryptographic algorith...
IBM Storwize 1.5.x / 1.6.x < 1.6.2.0 RC4 Initial Keystream Bias Vulnerability (CVE-2017-1375)
According to its self-reported version number, the IBM Storwize server running on the remote host uses a weak encryption algorithm that contains a flaw in the initial keystream generation that introduces several types of biases. These can be used in a cryptanalysis attack to disclose sensitive...
CVE-2017-1375
CVE-2017-1375 affects IBM Storwize V7000 Unified (V7000U) 1.5 to 1.6, where use of weaker cryptographic algorithms could allow an attacker to decrypt highly sensitive information. IBM’s bulletin notes that a fix is available in v1.6.2.0 (1.5 is EOS); apply the upgrade to mitigate. The issue is do...