CVE-2018-1466
Summary
| CVE | CVE-2018-1466 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-05-17 21:29:00 UTC |
| Updated | 2020-08-19 19:02:00 UTC |
| Description | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397. |
Risk And Classification
Problem Types: CWE-326
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Ibm | San Volume Controller | - | All | All | All |
| Hardware | Ibm | San Volume Controller | - | All | All | All |
| Operating System | Ibm | San Volume Controller Firmware | All | All | All | All |
| Operating System | Ibm | San Volume Controller Firmware | All | All | All | All |
| Application | Ibm | Spectrum Virtualize | All | All | All | All |
| Application | Ibm | Spectrum Virtualize | All | All | All | All |
| Application | Ibm | Spectrum Virtualize For Public Cloud | All | All | All | All |
| Application | Ibm | Spectrum Virtualize For Public Cloud | All | All | All | All |
| Hardware | Ibm | Storwize V3500 | - | All | All | All |
| Hardware | Ibm | Storwize V3500 | - | All | All | All |
| Operating System | Ibm | Storwize V3500 Firmware | All | All | All | All |
| Operating System | Ibm | Storwize V3500 Firmware | All | All | All | All |
| Hardware | Ibm | Storwize V3700 | - | All | All | All |
| Hardware | Ibm | Storwize V3700 | - | All | All | All |
| Operating System | Ibm | Storwize V3700 Firmware | All | All | All | All |
| Operating System | Ibm | Storwize V3700 Firmware | All | All | All | All |
| Hardware | Ibm | Storwize V5000 | - | All | All | All |
| Hardware | Ibm | Storwize V5000 | - | All | All | All |
| Operating System | Ibm | Storwize V5000 Firmware | All | All | All | All |
| Operating System | Ibm | Storwize V5000 Firmware | All | All | All | All |
| Hardware | Ibm | Storwize V7000 | - | All | All | All |
| Hardware | Ibm | Storwize V7000 | - | All | All | All |
| Operating System | Ibm | Storwize V7000 Firmware | All | All | All | All |
| Operating System | Ibm | Storwize V7000 Firmware | All | All | All | All |
| Hardware | Ibm | Storwize V9000 | - | All | All | All |
| Hardware | Ibm | Storwize V9000 | - | All | All | All |
| Operating System | Ibm | Storwize V9000 Firmware | All | All | All | All |
| Operating System | Ibm | Storwize V9000 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Bulletin: Multiple vulnerabilities affect the IBM FlashSystem models 840 and 900 | CONFIRM | www.ibm.com | Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | VDB Entry, Vendor Advisory |
| Security Bulletin: Multiple vulnerabilities affect the IBM FlashSystem model V840 | CONFIRM | www.ibm.com | Vendor Advisory |
| Security Bulletin: Multiple vulnerabilities in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products | CONFIRM | www.ibm.com | Vendor Advisory |
| Multiple IBM Products Multiple Security Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.