CVE-2018-1466

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
ibmstorwize_v7000_firmware
6.1.0.0 ≤
𝑥
< 7.5.0.14
ibmstorwize_v7000_firmware
7.7.0.0 ≤
𝑥
< 7.7.1.9
ibmstorwize_v7000_firmware
7.8.0.0 ≤
𝑥
< 7.8.1.6
ibmstorwize_v7000_firmware
8.1.1.0 ≤
𝑥
< 8.1.1.2
ibmstorwize_v7000_firmware
8.1.2.0 ≤
𝑥
< 8.1.2.1
ibmstorwize_v5000_firmware
6.1.0.0 ≤
𝑥
< 7.5.0.14
ibmstorwize_v5000_firmware
7.7.0.0 ≤
𝑥
< 7.7.1.9
ibmstorwize_v5000_firmware
7.8.0.0 ≤
𝑥
< 7.8.1.6
ibmstorwize_v5000_firmware
8.1.1.0 ≤
𝑥
< 8.1.1.2
ibmstorwize_v5000_firmware
8.1.2.0 ≤
𝑥
< 8.1.2.1
ibmstorwize_v3700_firmware
6.1.0.0 ≤
𝑥
< 7.5.0.14
ibmstorwize_v3700_firmware
7.7.0.0 ≤
𝑥
< 7.7.1.9
ibmstorwize_v3700_firmware
7.8.0.0 ≤
𝑥
< 7.8.1.6
ibmstorwize_v3700_firmware
8.1.1.0 ≤
𝑥
< 8.1.1.2
ibmstorwize_v3700_firmware
8.1.2.0 ≤
𝑥
< 8.1.2.1
ibmstorwize_v3500_firmware
6.1.0.0 ≤
𝑥
< 7.5.0.14
ibmstorwize_v3500_firmware
7.7.0.0 ≤
𝑥
< 7.7.1.9
ibmstorwize_v3500_firmware
7.8.0.0 ≤
𝑥
< 7.8.1.6
ibmstorwize_v3500_firmware
8.1.1.0 ≤
𝑥
< 8.1.1.2
ibmstorwize_v3500_firmware
8.1.2.0 ≤
𝑥
< 8.1.2.1
ibmstorwize_v9000_firmware
6.1.0.0 ≤
𝑥
< 7.5.0.14
ibmstorwize_v9000_firmware
7.7.0.0 ≤
𝑥
< 7.7.1.9
ibmstorwize_v9000_firmware
7.8.0.0 ≤
𝑥
< 7.8.1.6
ibmstorwize_v9000_firmware
8.1.1.0 ≤
𝑥
< 8.1.1.2
ibmstorwize_v9000_firmware
8.1.2.0 ≤
𝑥
< 8.1.2.1
ibmsan_volume_controller_firmware
6.1.0.0 ≤
𝑥
< 7.5.0.14
ibmsan_volume_controller_firmware
7.7.0.0 ≤
𝑥
< 7.7.1.9
ibmsan_volume_controller_firmware
7.8.0.0 ≤
𝑥
< 7.8.1.6
ibmsan_volume_controller_firmware
8.1.1.0 ≤
𝑥
< 8.1.1.2
ibmsan_volume_controller_firmware
8.1.2.0 ≤
𝑥
< 8.1.2.1
ibmspectrum_virtualize
6.1.0.0 ≤
𝑥
< 7.5.0.14
ibmspectrum_virtualize
7.7.0.0 ≤
𝑥
< 7.7.1.9
ibmspectrum_virtualize
7.8.0.0 ≤
𝑥
< 7.8.1.6
ibmspectrum_virtualize
8.1.1.0 ≤
𝑥
< 8.1.1.2
ibmspectrum_virtualize
8.1.2.0 ≤
𝑥
< 8.1.2.1
ibmspectrum_virtualize_for_public_cloud
6.1.0.0 ≤
𝑥
< 7.5.0.14
ibmspectrum_virtualize_for_public_cloud
7.7.0.0 ≤
𝑥
< 7.7.1.9
ibmspectrum_virtualize_for_public_cloud
7.8.0.0 ≤
𝑥
< 7.8.1.6
ibmspectrum_virtualize_for_public_cloud
8.1.1.0 ≤
𝑥
< 8.1.1.2
ibmspectrum_virtualize_for_public_cloud
8.1.2.0 ≤
𝑥
< 8.1.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=ssg1S1012263
http://www.ibm.com/support/docview.wss?uid=ssg1S1012282
http://www.ibm.com/support/docview.wss?uid=ssg1S1012283
http://www.securityfocus.com/bid/104349
https://exchange.xforce.ibmcloud.com/vulnerabilities/140397
http://www.ibm.com/support/docview.wss?uid=ssg1S1012263
http://www.ibm.com/support/docview.wss?uid=ssg1S1012282
http://www.ibm.com/support/docview.wss?uid=ssg1S1012283
http://www.securityfocus.com/bid/104349
https://exchange.xforce.ibmcloud.com/vulnerabilities/140397