Weak Cryptographic Algorithms in IBM Storage Products
CVE-2018-1466

5.3MEDIUM

Key Information:

Summary

IBM SAN Volume Controller and related products have been found to use cryptographic algorithms that are weaker than expected. This vulnerability could potentially enable attackers to decrypt sensitive information, posing a significant risk to data confidentiality. Users of IBM's SAN Volume Controller, Storwize, Spectrum Virtualize, and FlashSystem products across various versions are urged to review security advisories and apply patches or mitigations where necessary to protect against potential exploitation.

Affected Version(s)

FlashSystem V9000 7.5

FlashSystem V9000 7.6

FlashSystem V9000 7.6.1

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.