7.5
CVE-2018-1785
- EPSS 1.13%
- Veröffentlicht 26.09.2018 15:29:01
- Zuletzt bearbeitet 21.11.2024 04:00:21
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Spectrum Protect Client Version >= 7.1.0.0 <= 7.1.8.3
Ibm ≫ Spectrum Protect Client Version >= 8.1.0.0 <= 8.1.4.1
Ibm ≫ Spectrum Protect For Virtual Environments SwPlatformhyper-v Version >= 7.1.0.0 <= 7.1.8.0
Ibm ≫ Spectrum Protect For Virtual Environments SwPlatformvmware Version >= 7.1.0.0 <= 7.1.8.2
Ibm ≫ Spectrum Protect For Virtual Environments SwPlatformhyper-v Version >= 8.1.0.0 <= 8.1.4.0
Ibm ≫ Spectrum Protect For Virtual Environments SwPlatformvmware Version >= 8.1.0.0 <= 8.1.4.1
Ibm ≫ Spectrum Protect Client Version >= 8.1.0.0 <= 8.1.4.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.13% | 0.621 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| psirt@us.ibm.com | 3.7 | 2.2 | 1.4 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
http://www.ibm.com/support/docview.wss?uid=ibm10729873
http://www.securitytracker.com/id/1041716
https://exchange.xforce.ibmcloud.com/vulnerabilities/148870