1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
4.2 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
19.6%
IBM FlashSystem 9100 systems and Storwize V7000 2076-724 (Gen3) systems are NOT affected by the security vulnerabilities where, by the absence of a cryptographic link between the password and the Disk Encryption Key, allows attackers with privileged access to SSD firmware to gain full access and the ability to decrypt encrypted data.
IBM FlashSystem 9100 systems and Storwize V7000 2076-724 (Gen3) systems are, in all editions and all platforms, NOT affected by the security vulnerabilities CVE-2018-12037 and CVE-2018-12038. All Self Encrypting Drive models supported by IBM FlashSystem 9100 systems and Storwize V7000 2076-724 (Gen3) systems are also NOT affected by the aforementioned vulnerabilities.
IBM Storwize V7000
IBM FlashSystem V9000
CPE | Name | Operator | Version |
---|---|---|---|
ibm storwize v7000 | eq | any | |
ibm flashsystem 9x00 | eq | any |
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
4.2 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
19.6%