5.3
CVE-2018-1466
- EPSS 0.12%
- Published 17.05.2018 21:29:00
- Last modified 21.11.2024 03:59:52
- Source psirt@us.ibm.com
- Teams watchlist Login
- Open Login
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.
Data is provided by the National Vulnerability Database (NVD)
Ibm ≫ Storwize V7000 Firmware Version >= 6.1.0.0 < 7.5.0.14
Ibm ≫ Storwize V7000 Firmware Version >= 7.7.0.0 < 7.7.1.9
Ibm ≫ Storwize V7000 Firmware Version >= 7.8.0.0 < 7.8.1.6
Ibm ≫ Storwize V7000 Firmware Version >= 8.1.1.0 < 8.1.1.2
Ibm ≫ Storwize V7000 Firmware Version >= 8.1.2.0 < 8.1.2.1
Ibm ≫ Storwize V5000 Firmware Version >= 6.1.0.0 < 7.5.0.14
Ibm ≫ Storwize V5000 Firmware Version >= 7.7.0.0 < 7.7.1.9
Ibm ≫ Storwize V5000 Firmware Version >= 7.8.0.0 < 7.8.1.6
Ibm ≫ Storwize V5000 Firmware Version >= 8.1.1.0 < 8.1.1.2
Ibm ≫ Storwize V5000 Firmware Version >= 8.1.2.0 < 8.1.2.1
Ibm ≫ Storwize V3700 Firmware Version >= 6.1.0.0 < 7.5.0.14
Ibm ≫ Storwize V3700 Firmware Version >= 7.7.0.0 < 7.7.1.9
Ibm ≫ Storwize V3700 Firmware Version >= 7.8.0.0 < 7.8.1.6
Ibm ≫ Storwize V3700 Firmware Version >= 8.1.1.0 < 8.1.1.2
Ibm ≫ Storwize V3700 Firmware Version >= 8.1.2.0 < 8.1.2.1
Ibm ≫ Storwize V3500 Firmware Version >= 6.1.0.0 < 7.5.0.14
Ibm ≫ Storwize V3500 Firmware Version >= 7.7.0.0 < 7.7.1.9
Ibm ≫ Storwize V3500 Firmware Version >= 7.8.0.0 < 7.8.1.6
Ibm ≫ Storwize V3500 Firmware Version >= 8.1.1.0 < 8.1.1.2
Ibm ≫ Storwize V3500 Firmware Version >= 8.1.2.0 < 8.1.2.1
Ibm ≫ Storwize V9000 Firmware Version >= 6.1.0.0 < 7.5.0.14
Ibm ≫ Storwize V9000 Firmware Version >= 7.7.0.0 < 7.7.1.9
Ibm ≫ Storwize V9000 Firmware Version >= 7.8.0.0 < 7.8.1.6
Ibm ≫ Storwize V9000 Firmware Version >= 8.1.1.0 < 8.1.1.2
Ibm ≫ Storwize V9000 Firmware Version >= 8.1.2.0 < 8.1.2.1
Ibm ≫ San Volume Controller Firmware Version >= 6.1.0.0 < 7.5.0.14
Ibm ≫ San Volume Controller Firmware Version >= 7.7.0.0 < 7.7.1.9
Ibm ≫ San Volume Controller Firmware Version >= 7.8.0.0 < 7.8.1.6
Ibm ≫ San Volume Controller Firmware Version >= 8.1.1.0 < 8.1.1.2
Ibm ≫ San Volume Controller Firmware Version >= 8.1.2.0 < 8.1.2.1
Ibm ≫ Spectrum Virtualize Version >= 6.1.0.0 < 7.5.0.14
Ibm ≫ Spectrum Virtualize Version >= 7.7.0.0 < 7.7.1.9
Ibm ≫ Spectrum Virtualize Version >= 7.8.0.0 < 7.8.1.6
Ibm ≫ Spectrum Virtualize Version >= 8.1.1.0 < 8.1.1.2
Ibm ≫ Spectrum Virtualize Version >= 8.1.2.0 < 8.1.2.1
Ibm ≫ Spectrum Virtualize For Public Cloud Version >= 6.1.0.0 < 7.5.0.14
Ibm ≫ Spectrum Virtualize For Public Cloud Version >= 7.7.0.0 < 7.7.1.9
Ibm ≫ Spectrum Virtualize For Public Cloud Version >= 7.8.0.0 < 7.8.1.6
Ibm ≫ Spectrum Virtualize For Public Cloud Version >= 8.1.1.0 < 8.1.1.2
Ibm ≫ Spectrum Virtualize For Public Cloud Version >= 8.1.2.0 < 8.1.2.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.12% | 0.321 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
|
nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:P/I:N/A:N
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.