GSKit is an IBM component that is used by Host On-Demand. The GSKit that is shipped with Host On-Demand contains a security vulnerability. Host On-Demand has addressed it.
CVEID: CVE-2018-1447
DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function, resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After the update, the customer should change the password to ensure that the new password is stored more securely. Products should encourage customers to take this step as a high-priority action.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139972 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
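The effect of the missing salt described for CVE-2018-1447 above, as an added example that is not IBM or GSKit code: without a salt, the same password produces the same stored value in every store, while a per-record random salt with a slow KDF does not. SHA-256, PBKDF2, the iteration count and all function names are assumptions chosen for illustration; the advisory does not name the algorithm GSKit uses.

```python
import hashlib
import hmac
import os
from typing import Optional, Sequence, Tuple

# Assumption: SHA-256 and PBKDF2 are stand-ins. The advisory does not name
# the hash GSKit applies to CMS KDB passwords.
ITERATIONS = 200_000


def unsalted_record(password: str) -> bytes:
    """Weak form: the stored value depends on the password alone."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def salted_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened form: random per-record salt fed into a slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_salted(password: str, record: Tuple[bytes, bytes]) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(salted_record(password, salt)[1], expected)


def reuse_is_visible(stored_values: Sequence[bytes]) -> bool:
    """True when two stores hold byte-identical values, which means one
    precomputed guess table applies to every store at once."""
    return len(set(stored_values)) < len(stored_values)


if __name__ == "__main__":
    pw = "constructed-sample-password"  # constructed sample input
    weak = [unsalted_record(pw), unsalted_record(pw)]
    strong = [salted_record(pw), salted_record(pw)]
    print("unsalted, reuse visible:", reuse_is_visible(weak))
    print("salted, reuse visible:  ", reuse_is_visible([k for _, k in strong]))
    print("salted record verifies: ", verify_salted(pw, strong[0]))
```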
Host On-Demand 13.0
Host On-Demand 12.0, 12.0.0.1, 12.0.1, 12.0.2, 12.0.3
Product | VRMF | Remediation
---|---|---
Host On-Demand | 12.0 | Upgrade to Host On-Demand 12.0.4
Host On-Demand | 12.0.0.1 | Upgrade to Host On-Demand 12.0.4
Host On-Demand | 12.0.1 | Upgrade to Host On-Demand 12.0.4
Host On-Demand | 12.0.2 | Upgrade to Host On-Demand 12.0.4
Host On-Demand | 12.0.3 | Upgrade to Host On-Demand 12.0.4
Host On-Demand | 13.0 | Upgrade to Host On-Demand 13.0.1
None