IBM Spectrum Protect Server allows Triple DES (3DES) ciphers to be used. This can result in the use of weaker than expected cryptographic algorithms.
CVEID:CVE-2018-1785
**DESCRIPTION:**IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148870 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Server | 8.1.0.000-8.1.10.xxx |
7.1.0.000-7.1.11.xxx |
Spectrum Protect Server Release|First Fixing VRM Level|**APAR
**|Platform|Link to Fix
—|—|—|—|—
8.1| 8.1.11.000| IT33040| AIX
Linux
Windows| <https://www.ibm.com/support/pages/node/6368255>
7.1| 7.1.12.000| IT33040| AIX
HP-UX
Linux
Solaris
Windows| <https://www.ibm.com/support/pages/node/6368029>
None