Weak Cryptographic Algorithms in IBM Storage Products
CVE-2018-1466
5.3MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 17 May 2018
Summary
IBM SAN Volume Controller and related products have been found to use cryptographic algorithms that are weaker than expected. This vulnerability could potentially enable attackers to decrypt sensitive information, posing a significant risk to data confidentiality. Users of IBM's SAN Volume Controller, Storwize, Spectrum Virtualize, and FlashSystem products across various versions are urged to review security advisories and apply patches or mitigations where necessary to protect against potential exploitation.
Affected Version(s)
FlashSystem V9000 7.5
FlashSystem V9000 7.6
FlashSystem V9000 7.6.1
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved