Vulnerability Name:

CVE-2018-1466

Assigned:2017-12-13
Published:2018-05-14
Updated:2018-05-17
Summary:IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.9 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None
References:Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/support/docview.wss?uid=ssg1S1012263

Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/support/docview.wss?uid=ssg1S1012282

Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/support/docview.wss?uid=ssg1S1012283

Source: XF
Type: UNKNOWN
ibm-storwize-cve20181466-info-disc(140397)

Vulnerable Configuration:
Configuration CCN 1:
  • cpe:/a:ibm:san_volume_controller:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:san_volume_controller:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:san_volume_controller:6.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:san_volume_controller:6.4:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
    BACK
    ibm san volume controller 6.1
    ibm san volume controller 6.2
    ibm san volume controller 6.3
    ibm san volume controller 6.4