CVE-2018-1466

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.

Published: May 17, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-1466
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:P/I:N/A:N

CWEs:

CWE-326

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
ibm / storwize_v7000_firmware	6.1.0.0	7.5.0.14
ibm / storwize_v7000_firmware	7.7.0.0	7.7.1.9
ibm / storwize_v7000_firmware	7.8.0.0	7.8.1.6
ibm / storwize_v7000_firmware	8.1.1.0	8.1.1.2
ibm / storwize_v7000_firmware	8.1.2.0	8.1.2.1
ibm / storwize_v5000_firmware	6.1.0.0	7.5.0.14
ibm / storwize_v5000_firmware	7.7.0.0	7.7.1.9
ibm / storwize_v5000_firmware	7.8.0.0	7.8.1.6
ibm / storwize_v5000_firmware	8.1.1.0	8.1.1.2
ibm / storwize_v5000_firmware	8.1.2.0	8.1.2.1
ibm / storwize_v3700_firmware	6.1.0.0	7.5.0.14
ibm / storwize_v3700_firmware	7.7.0.0	7.7.1.9
ibm / storwize_v3700_firmware	7.8.0.0	7.8.1.6
ibm / storwize_v3700_firmware	8.1.1.0	8.1.1.2
ibm / storwize_v3700_firmware	8.1.2.0	8.1.2.1
ibm / storwize_v3500_firmware	6.1.0.0	7.5.0.14
ibm / storwize_v3500_firmware	7.7.0.0	7.7.1.9
ibm / storwize_v3500_firmware	7.8.0.0	7.8.1.6
ibm / storwize_v3500_firmware	8.1.1.0	8.1.1.2
ibm / storwize_v3500_firmware	8.1.2.0	8.1.2.1
ibm / storwize_v9000_firmware	6.1.0.0	7.5.0.14
ibm / storwize_v9000_firmware	7.7.0.0	7.7.1.9
ibm / storwize_v9000_firmware	7.8.0.0	7.8.1.6
ibm / storwize_v9000_firmware	8.1.1.0	8.1.1.2
ibm / storwize_v9000_firmware	8.1.2.0	8.1.2.1
ibm / san_volume_controller_firmware	6.1.0.0	7.5.0.14
ibm / san_volume_controller_firmware	7.7.0.0	7.7.1.9
ibm / san_volume_controller_firmware	7.8.0.0	7.8.1.6
ibm / san_volume_controller_firmware	8.1.1.0	8.1.1.2
ibm / san_volume_controller_firmware	8.1.2.0	8.1.2.1
ibm / spectrum_virtualize	8.1.2.0	8.1.2.1
ibm / spectrum_virtualize	8.1.1.0	8.1.1.2
ibm / spectrum_virtualize	7.8.0.0	7.8.1.6
ibm / spectrum_virtualize	7.7.0.0	7.7.1.9
ibm / spectrum_virtualize	6.1.0.0	7.5.0.14
ibm / spectrum_virtualize_for_public_cloud	8.1.2.0	8.1.2.1
ibm / spectrum_virtualize_for_public_cloud	8.1.1.0	8.1.1.2
ibm / spectrum_virtualize_for_public_cloud	7.8.0.0	7.8.1.6
ibm / spectrum_virtualize_for_public_cloud	7.7.0.0	7.7.1.9
ibm / spectrum_virtualize_for_public_cloud	6.1.0.0	7.5.0.14

Vulnerability Database

289,599

CVE-2018-1466