1. Home
  2. CVE Database
  3. CVE-2018-1447
MEDIUM · 5.1

CVE-2018-1447

The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of p...

Vulnerability Description

The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.

CVSS Score

5.1

MEDIUM

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
IbmSpectrum Protect For Space Management>= 7.1.0.0, <= 7.1.8.1
IbmSpectrum Protect For Virtual Environments>= 7.1.0.0, <= 7.1.8.0
IbmSpectrum Protect Snapshot>= 4.1.0.0, <= 4.1.6.3

Related Weaknesses (CWE)

CWE-916

References

FAQ

What is CVE-2018-1447?

CVE-2018-1447 is a vulnerability with a CVSS score of 5.1 (MEDIUM). The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of p...

How severe is CVE-2018-1447?

CVE-2018-1447 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1447?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Spectrum Protect For Space Management, Ibm Spectrum Protect For Virtual Environments, Ibm Spectrum Protect Snapshot.