CVE-2018-1447 MEDIUM

CVE-2018-1447

Vendor Ibm
Product Spectrum Protect
Published April 4, 2018
Last update September 17, 2024

CVSS base score

5.1/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/A:N/AC:H/AV:L/C:H/I:N/PR:N/S:U/UI:N

What the vulnerability does

01Description

The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.

Key dates

02Disclosure timeline

April 4, 2018 CVE published
September 17, 2024 Record updated