CVE-2018-1428
First published: Thu Mar 22 2018(Updated: )
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Db2 | =9.7 | |
| Ibm Db2 | =10.1 | |
| Ibm Db2 | =10.5 | |
| Ibm Db2 | =11.1 | |
| Linux Linux kernel | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-1428?
The severity of CVE-2018-1428 is rated as medium with a score of 5.5.
How do I fix CVE-2018-1428?
To fix CVE-2018-1428, ensure you upgrade to the latest version of IBM DB2 that addresses the use of weaker cryptographic algorithms.
What versions of IBM DB2 are affected by CVE-2018-1428?
CVE-2018-1428 affects IBM DB2 versions 9.7, 10.1, 10.5, and 11.1.
What type of vulnerability is CVE-2018-1428?
CVE-2018-1428 is classified under cryptographic weaknesses, specifically the use of weaker than expected cryptographic algorithms.
Can CVE-2018-1428 lead to data breaches?
Yes, CVE-2018-1428 could allow an attacker to decrypt highly sensitive information, potentially leading to data breaches.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/ibm
- canonical/ibm db2
- version/ibm db2/9.7
- version/ibm db2/10.1
- version/ibm db2/10.5
- version/ibm db2/11.1
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows