What is CVE-2018-1447?

CVE-2018-1447 is a medium-severity vulnerability in Ibm Spectrum Protect. CVSS score: 5.1/10. Published 2018-04-04.

How severe is CVE-2018-1447?

Medium severity. CVSS v3 base score is 5.1 out of 10.

Vulnerability in Ibm Spectrum Protect

CVE-2018-1447

The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recove…

EPSS: 0.001 (23.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.1 (Medium). Vector: CVSS:3.0/A:N/AC:H/AV:L/C:H/I:N/PR:N/S:U/UI:N.

Affected products

Ibm Spectrum Protect — versions 8.1, 7.1
Ibm Spectrum Protect For Space Management — versions 8.1, 7.1
Ibm Spectrum Protect For Virtual Environments — versions 8.1, 7.1
Ibm Spectrum Protect Snapshot — versions 4.1.4, 4.1.6, 4.1.3

References

www.ibm.com/support/docview.wss (x_refsource_CONFIRM)
www.ibm.com/support/docview.wss (x_refsource_CONFIRM)
exchange.xforce.ibmcloud.com/vulnerabilities/139972 (x_refsource_MISC)
www.ibm.com/support/docview.wss (x_refsource_CONFIRM)
104511 (vdb-entry, x_refsource_BID)
1041012 (vdb-entry, x_refsource_SECTRACK)
www.ibm.com/support/docview.wss (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-1447?: CVE-2018-1447 is a medium-severity vulnerability in Ibm Spectrum Protect. CVSS score: 5.1/10. Published 2018-04-04.
How severe is CVE-2018-1447?: Medium severity. CVSS v3 base score is 5.1 out of 10.