CVE-2018-1545Inadequate Encryption Strength in IBM Spectrum Protect Client

CWE-326Inadequate Encryption Strength3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 71.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Spectrum Protect ClientIBM Spectrum Protect FOR Virtual EnvironmentsIBM Spectrum Protect
Timeline
PublishedSep 26
Latest updateMay 13

Description

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDibm/spectrum_protect7.1.0.07.1.8.0+3
NVDibm/spectrum_protect_client7.1.0.07.1.8.2+2
CVEListV5ibm/spectrum_protect7.1, 8.1+1

🔴Vulnerability Details

2
GHSA
GHSA-mjh9-7rc2-mx92: IBM Tivoli Storage Manager (IBM Spectrum Protect 72022-05-13
CVEList
CVE-2018-1545: IBM Tivoli Storage Manager (IBM Spectrum Protect 72018-09-26
CVE-2018-1545 — Inadequate Encryption Strength in IBM | cvebase