CVE-2018-1466

MEDIUM

IBM SAN Volume Controller et al <8.1.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.

References (5)

Core 5
Core References
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/140397
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=ssg1S1012282
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104349
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=ssg1S1012263
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=ssg1S1012283

Scores

CVSS v3 5.3
EPSS 0.0084
EPSS Percentile 53.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-326
Status published
Products (8)
ibm/san_volume_controller_firmware 6.1.0.0 - 7.5.0.14
ibm/spectrum_virtualize 6.1.0.0 - 7.5.0.14
ibm/spectrum_virtualize_for_public_cloud 6.1.0.0 - 7.5.0.14
ibm/storwize_v3500_firmware 6.1.0.0 - 7.5.0.14
ibm/storwize_v3700_firmware 6.1.0.0 - 7.5.0.14
ibm/storwize_v5000_firmware 6.1.0.0 - 7.5.0.14
ibm/storwize_v7000_firmware 6.1.0.0 - 7.5.0.14
ibm/storwize_v9000_firmware 6.1.0.0 - 7.5.0.14
Published May 17, 2018
Tracked Since Feb 18, 2026