Weak Cryptographic Algorithms in IBM Storage Products
CVE-2018-1466

5.3MEDIUM

Key Information:

Vendor

IBM
Status
San Volume Controller
Storwize V5000
Spectrum Virtualize Software
Storwize V7000 (2076)
Vendor
CVE Published:
17 May 2018

What is CVE-2018-1466?

IBM SAN Volume Controller and related products have been found to use cryptographic algorithms that are weaker than expected. This vulnerability could potentially enable attackers to decrypt sensitive information, posing a significant risk to data confidentiality. Users of IBM's SAN Volume Controller, Storwize, Spectrum Virtualize, and FlashSystem products across various versions are urged to review security advisories and apply patches or mitigations where necessary to protect against potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FlashSystem V9000 7.5

FlashSystem V9000 7.6

FlashSystem V9000 7.6.1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/140397
vdb-entryx_refsource_XF
http://www.ibm.com/support/docview.wss?uid=ssg1S1012282
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104349
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.