| Vulnerability Name: | CVE-2018-1428 (CCN-139073) | ||||||||||||
| Assigned: | 2017-12-13 | ||||||||||||
| Published: | 2018-03-15 | ||||||||||||
| Updated: | 2019-10-09 | ||||||||||||
| Summary: | IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073. | ||||||||||||
| CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-327 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-1428 Source: CCN Type: IBM Security Bulletin 0713555 (Security Network Intrusion Prevention System) IBM Security Network Intrusion Prevention System is affected by multiple vulnerabilities Source: CCN Type: IBM Security Bulletin 0713561 (Security SiteProtector System) IBM Security SiteProtector System is affected by GSKit vulnerabilities Source: CCN Type: IBM Security Bulletin 0713787 (Security AppScan Enterprise) Multiple security vulnerabilities in GSKit and GSKit-Crypto affect IBM Security AppScan Enterprise Source: CCN Type: IBM Security Bulletin 0717133 (Workload Automation) Multiple vulnerabilities in GSKit affect IBM Workload Scheduler Source: CCN Type: IBM Security Bulletin 718249 (PureData System for Analytics) Multiple vulnerabilities in IBM HTTP Server affects Netezza Performance Portal Source: CCN Type: IBM Security Bulletin 718773 (Endpoint Manager for Lifecycle Management) Server Automation is affected by the following GSKit vulnerabilities (CVE-2018-1447, CVE-2018-1427, CVE-2018-1428) Source: CCN Type: IBM Security Bulletin 719379 (API Connect) IBM API Connect is affected by multiple GSKit and OpenSSL vulnerabilities Source: CCN Type: IBM Security Bulletin 957781 (Security Privileged Identity Manager) IBM Security Privileged Identity Manager is affected by multiple vulnerabilities Source: CCN Type: IBM Security Bulletin 964993 (Informix) IBM Informix Client SDK is affected by GSKIT vulnerabilities Source: CCN Type: IBM Security Bulletin T1027495 (Cloud Manager with Openstack) IBM Cloud Manager with OpenStack is affected by GSKit Source: CCN Type: IBM Security Bulletin 1974627 (Tivoli Netcool/OMNIbus) Multiple vulnerabilities in the GSKit component of Tivoli Netcool/OMNIbus Source: CCN Type: IBM Security Bulletin 2013756 (DB2 for Linux, UNIX and Windows) IBM Db2 is affected by multiple vulnerabilities in the GSKit library Source: CONFIRM Type: Vendor Advisory http://www.ibm.com/support/docview.wss?uid=swg22013756 Source: CCN Type: IBM Security Bulletin 2014202 (Cognos Business Intelligence) IBM Cognos Business Intelligence Server 2018Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. Source: CCN Type: IBM Security Bulletin 2014651 (MQ) IBM MQ and WebSphere MQ are affected by multiple vulnerabilities in OpenSSL and GSKit. Source: CCN Type: IBM Security Bulletin 2014669 (Spectrum Protect) Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) Client Source: CCN Type: IBM Security Bulletin 2014720 (Cognos Business Intelligence) IBM Cognos Metrics Manager 2018 Q1 Security Update: IBM Cognos Metrics Manager is affected by multiple vulnerabilities. Source: CCN Type: IBM Security Bulletin 2014788 (Content Collector for SAP Applications) IBM Content Collector for SAP Applications is affected by GSKit and GSKit-Crypto vulnerabilities Source: CCN Type: IBM Security Bulletin 2014957 (Spectrum Protect for Space Management) Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Space Management Source: CCN Type: IBM Security Bulletin 2015066 (Spectrum Protect for Virtual Environments) Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware Source: CCN Type: IBM Security Bulletin 2015071 (Spectrum Protect Snapshot) Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware Source: CCN Type: IBM Security Bulletin 2015077 (Spectrum Protect Snapshot) Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Unix Source: CCN Type: IBM Security Bulletin 2015080 (Spectrum Protect) Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) Server Source: CCN Type: IBM Security Bulletin 2015211 (Spectrum Protect for Workstations) Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations) Source: CCN Type: IBM Security Bulletin 2015252 (SPSS Statistics) IBM SPSS Statistics is affected by multiple GSKit vulnerabilities Source: CCN Type: IBM Security Bulletin 2015304 (Spectrum Protect for Virtual Environments) Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V Source: CCN Type: IBM Security Bulletin 2015424 (Tivoli Monitoring V6) Multiple vulnerabilities affect the GSKit component of IBM Tivoli Monitoring Source: CCN Type: IBM Security Bulletin 2015501 (Tivoli Storage Manager FastBack) Multiple vulnerabilities in the IBM GSKit component of IBM Tivoli Storage Manager FastBack Source: CCN Type: IBM Security Bulletin 2015510 (Cognos Controller) IBM Cognos Controller 2018Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller Source: CCN Type: IBM Security Bulletin 2015603 (Algo One) Algo One Core is affected by GSKit vulnerabilities. Source: CCN Type: IBM Security Bulletin 2016091 (Monitoring) Vulnerabilities in IBM GSKit and IBM GSKit-Crypto affect IBM Performance Management products Source: CCN Type: IBM Security Bulletin 2016372 (Planning Analytics Local) Multiple vulnerabilities exist in IBM Planning Analytics Local Source: CCN Type: IBM Security Bulletin 2016549 (Security Network Protection) IBM Security Network Protection is affected by multiple vulnerabilities Source: CCN Type: IBM Security Bulletin 2016890 (Security Access Manager) IBM Security Access Manager is affected by multiple vulnerabilities in GSKit Source: BID Type: Third Party Advisory, VDB Entry 103574 Source: CCN Type: BID-103574 IBM DB2 CVE-2018-1428 Local Information Disclosure Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1041012 Source: MISC Type: Third Party Advisory, VDB Entry, Vendor Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/139073 Source: XF Type: UNKNOWN ibm-gskit-cve20181428-info-disc(139073) Source: CCN Type: IBM Security Bulletin 726039 (DataPower Gateway CD) WebSphere DataPower Appliances is affected by multiple issues Source: CCN Type: IBM Security Bulletin 738249 (Cognos Analytics) Multiple Vulnerabilities in IBM Cognos Analytics Source: CCN Type: IBM Security Bulletin 2014741 (FileNet Image Services) IBM FileNet Image Services is affected by GSKit and GSKit-Crypto vulnerabilities Source: CCN Type: IBM Security Bulletin 2014742 (eDiscovery Manager) eDiscovery Manager is affected by GSKit and GSKit-Crypto vulnerabilities | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||