Aug 03, 2018 - 12:29 p.m.

Security Bulletin: A vulnerability in GSKit and GSKit-Crypto affects IBM Performance Management products (CVE-2018-1447)

2018-08-03 12:29:43
www.ibm.com

EPSS: 0.005 (Percentile: 76.2%)

Summary

A vulnerability in GSKit and GSKit-Crypto affects IBM Performance Management products. The GSKit CMS KDB logic fails to salt the hash function, resulting in weaker-than-expected protection of passwords. A weak password may be recovered. Note: After the update, the customer should change the password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high-priority action.

Vulnerability Details

CVEID: CVE-2018-1447
DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function, resulting in weaker-than-expected protection of passwords. A weak password may be recovered. Note: After the update, the customer should change the password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high-priority action.

CVSS Base Score: 5.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139972> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
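
Why a missing salt weakens stored-password protection, shown as an added example (not IBM's or GSKit's code). PBKDF2-SHA256, the round count, the constant that stands in for "no salt", and the `.kdb` names and passwords are assumptions constructed for the illustration; the bulletin does not describe GSKit's actual algorithm or file format.

```python
import hashlib
import hmac
import os

ROUNDS = 50_000      # assumed work factor, chosen for the illustration
NO_SALT = bytes(16)  # models a missing salt: the same constant for every store

def kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

def protect_unsalted(password):  # weak form: value depends on the password alone
    return NO_SALT, kdf(password, NO_SALT)

def protect_salted(password):  # hardened form: fresh random salt kept beside the value
    salt = os.urandom(16)
    return salt, kdf(password, salt)

def verify(password, record):  # recompute with the stored salt, constant-time compare
    salt, value = record
    return hmac.compare_digest(kdf(password, salt), value)

def shared_values(records):
    """Groups of store names whose protected value is byte-identical."""
    groups = {}
    for name, (_, value) in records.items():
        groups.setdefault(value, []).append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def table_hits(records, table):
    """Stores whose value appears in a table computed before seeing any store."""
    return sorted(name for name, (_, value) in records.items() if value in table)

# Constructed sample data: three key databases, two reusing one weak password.
PASSWORDS = {"a.kdb": "Winter2018", "b.kdb": "Winter2018", "c.kdb": "t7#Vq9!mZr2$"}
COMMON = ["password", "Winter2018", "changeit"]

def compare():
    table = {kdf(word, NO_SALT) for word in COMMON}
    report = {}
    for label, protect in (("unsalted", protect_unsalted), ("salted", protect_salted)):
        records = {name: protect(pw) for name, pw in PASSWORDS.items()}
        report[label] = {
            "shared": shared_values(records),
            "table_hits": table_hits(records, table),
            "verifies": all(verify(PASSWORDS[n], r) for n, r in records.items()),
        }
    return report

if __name__ == "__main__":
    print(compare())
```

Without a salt, the two stores that reuse a weak password hold the same value and both match a table computed once in advance; with a per-store salt neither happens, while verification still succeeds. A value written in the unsalted form stays that way until the password is set again, which is consistent with the bulletin's instruction to change the password after updating.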

Affected Products and Versions

IBM Monitoring 8.1.3
IBM Advanced Diagnostics 8.1.3
IBM Application Performance Management 8.1.3
IBM Application Performance Management Advanced 8.1.3
IBM Application Performance Management, Base Private 8.1.4
IBM Application Performance Management, Advanced Private 8.1.4

Remediation/Fixes

| Product | Product VRMF | Remediation |
|---|---|---|
| IBM Monitoring<br>IBM Application Diagnostics<br>IBM Application Performance Management<br>IBM Application Performance Management Advanced | 8.1.3 | The vulnerabilities can be remediated by applying the following 8.1.3.0-IBM-IPM-SERVER-IF0012 server patch to the system where the Performance Management server is installed: http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003854 |
| IBM Cloud Application Performance Management Base Private<br>IBM Cloud Application Performance Management Advanced Private | 8.1.4 | The vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0004 server patch to the system where the Cloud APM server is installed: http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003783 |

Workarounds and Mitigations

None
