CVE-2017-1271

HIGH

IBM Security Guardium 9.0 9.1 9.5 - Inadequate Encryption Strength

Title source: llm

Description

IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 124746.

References (4)

Core 4

Core References

Issue Tracking, Vendor Advisory x_refsource_confirm

http://www.ibm.com/support/docview.wss?uid=swg22010435

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1039961

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/102034

Issue Tracking, VDB Entry, Vendor Advisory x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/124746

Scores

CVSS v3 7.5

EPSS 0.0084

EPSS Percentile 53.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-326

Status published

Products (6)

IBM/Security Guardium 9.0

IBM/Security Guardium 9.1

IBM/Security Guardium 9.5

ibm/security_guardium 9.0

ibm/security_guardium 9.1

ibm/security_guardium 9.5

Published Dec 07, 2017

Tracked Since Feb 18, 2026