There is a vulnerability in GSKit and GSKit-Crypto Security, which is used by Content Manager OnDemand for Multiplatforms.
**CVEID:** CVE-2018-1447
**DESCRIPTION:** The GSKit CMS KDB logic fails to salt the hash function, resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After updating, the customer should change the password so that the new password is stored more securely. Products should encourage customers to take this step as a high-priority action.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139972 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
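The following is an added illustration, not IBM code and not the GSKit CMS KDB format, of why an unsalted hash weakens password protection and why the password must be changed after the update: a verifier written before the fix stays unsalted until it is re-derived. The record layout, the use of SHA-256 and PBKDF2, the round count and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed model of a password-protected store; NOT the GSKit CMS KDB format.
# "legacy" = unsalted hash (the weakness described), "salted" = per-record salt.
PBKDF2_ROUNDS = 100_000  # assumed work factor for the illustration


def protect_legacy(password):
    """Unsalted: the stored value depends only on the password, so equal
    passwords give equal values and one precomputed table fits every store."""
    return {"scheme": "legacy",
            "verifier": hashlib.sha256(password.encode()).hexdigest()}


def protect_salted(password, salt=None):
    """Salted: a random per-record salt makes every stored value unique."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"scheme": "salted", "salt": salt.hex(), "verifier": dk.hex()}


def verify(record, password):
    """Check a password against a record written under either scheme."""
    if record["scheme"] == "legacy":
        candidate = protect_legacy(password)["verifier"]
    else:
        salt = bytes.fromhex(record["salt"])
        candidate = protect_salted(password, salt)["verifier"]
    return hmac.compare_digest(candidate, record["verifier"])


def change_password(record, old, new):
    """Installing the fix does not rewrite existing verifiers; only a
    password change re-derives the stored value under the salted scheme."""
    if not verify(record, old):
        raise ValueError("old password rejected")
    return protect_salted(new)


def needs_password_change(records):
    """Audit helper: names of stores whose verifier predates the fix."""
    return sorted(n for n, r in records.items() if r["scheme"] == "legacy")
```
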
Content Manager OnDemand for Multiplatforms v 9.0
Content Manager OnDemand for Multiplatforms v 9.5
Content Manager OnDemand for Multiplatforms v 10.0
| Product | Version | Remediation |
|---|---|---|
| Content Manager OnDemand for Multiplatforms | 9.0 | Migrate to higher version |
| Content Manager OnDemand for Multiplatforms | 9.5 | Use CMOD 9.5.0.11 available at https://www.ibm.com/support/fixcentral/ |
| Content Manager OnDemand for Multiplatforms | 10.1 | Use CMOD 10.1.0.3 available at https://www.ibm.com/support/fixcentral/ |