Weak Cryptographic Algorithms in IBM Storage Products
CVE-2018-1466

5.3MEDIUM

Key Information:

Vendor
IBM
Status
San Volume Controller
Storwize V5000
Spectrum Virtualize Software
Storwize V7000 (2076)
Vendor
CVE Published:
17 May 2018

Summary

IBM SAN Volume Controller and related products have been found to use cryptographic algorithms that are weaker than expected. This vulnerability could potentially enable attackers to decrypt sensitive information, posing a significant risk to data confidentiality. Users of IBM's SAN Volume Controller, Storwize, Spectrum Virtualize, and FlashSystem products across various versions are urged to review security advisories and apply patches or mitigations where necessary to protect against potential exploitation.

Affected Version(s)

FlashSystem V9000 7.5

FlashSystem V9000 7.6

FlashSystem V9000 7.6.1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/140397
vdb-entryx_refsource_XF
http://www.ibm.com/support/docview.wss?uid=ssg1S1012282
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104349
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.