IBM Communications Server for Data Center Deployment, IBM Communications Server for AIX, IBM Communications Server for Linux, and IBM Communications Server for Linux on System z have addressed the following vulnerability:
CVE-2018-1447 GSKit and GSKit-Crypto Security Advisory December 2017 Part 1
CVEID: CVE-2018-1447
DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function, resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After updating, the customer should change the password to ensure that the new password is stored more securely. Products should encourage customers to take this step as a high priority action.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139972 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
| Affected IBM Communications Server for Linux & CS for Linux on System z | Affected Versions |
|---|---|
| Communications Server for Data Center Deployment | 700 |
| Communications Server for AIX | 640 |
| Communications Server for Linux | 640 |
| Communications Server for Linux on System z | 640 |
| Product | VRMF | APAR | Remediation / First Fix |
|---|---|---|---|
| Communications Server for Data Center Deployment | 7.0.0.4 | (AIX) IJ03789<br>(LINUX) LI79870 | (AIX) Link to FIX<br>(LINUX) Link to FIX on i686<br>Link to FIX on x86_64<br>Link to FIX on ppc<br>Link to FIX on s390x |
| Communications Server for AIX | 6.4.0.7 | IJ03797 | Link to FIX |
| Communications Server for Linux | 6.4.0.7 | LI79880 | Link to FIX on i686<br>Link to FIX on x86_64<br>Link to FIX on ppc |
| Communications Server for Linux on System z | 6.4.0.7 | LI79891 | Link to FIX |
none