CVE-2018-1466 Information

Description

IBM SAN Volume Controller IBM Storwize IBM Spectrum Virtualize and IBM FlashSystem products (6.1 6.2 6.3 6.4 7.1 7.2 7.3 7.4 7.5 7.6 7.6.1 7.7 7.7.1 7.8 7.8.1 8.1 and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 http://www.securityfocus.com/bid/104349 https://exchange.xforce.ibmcloud.com/vulnerabilities/140397

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.3