CVE-2018-1447 vulnerability in IBM Products
Published on April 4, 2018

The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.

NVD

Products Associated with CVE-2018-1447

Want to know whenever a new CVE is published for IBM products? stack.watch will email you.

IBM Spectrum Protect Space Management

IBM Spectrum Protect Virtual Environments

IBM Spectrum Protect Snapshot

IBM Spectrum Protect

Affected Versions

IBM Spectrum Protect:

Version 7.1 is affected.
Version 8.1 is affected.

IBM Spectrum Protect Snapshot:

Version 4.1.3 is affected.
Version 4.1.4 is affected.
Version 4.1.6 is affected.

IBM Spectrum Protect for Virtual Environments:

Version 7.1 is affected.
Version 8.1 is affected.

IBM Spectrum Protect for Space Management:

Version 7.1 is affected.
Version 8.1 is affected.

Exploit Probability

EPSS

0.08%

Percentile

23.62%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-1447 vulnerability in IBM ProductsPublished on April 4, 2018

Products Associated with CVE-2018-1447

Affected Versions

Exploit Probability

CVE-2018-1447 vulnerability in IBM Products
Published on April 4, 2018