CVE-2018-1466: Weak Encryption
First published: Thu May 17 2018(Updated: )
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Storwize Unified V7000 | >=6.1.0.0<7.5.0.14 | |
| IBM Storwize Unified V7000 | >=7.7.0.0<7.7.1.9 | |
| IBM Storwize Unified V7000 | >=7.8.0.0<7.8.1.6 | |
| IBM Storwize Unified V7000 | >=8.1.1.0<8.1.1.2 | |
| IBM Storwize Unified V7000 | >=8.1.2.0<8.1.2.1 | |
| IBM Storwize Unified V7000 | ||
| IBM Storwize V5000 | >=6.1.0.0<7.5.0.14 | |
| IBM Storwize V5000 | >=7.7.0.0<7.7.1.9 | |
| IBM Storwize V5000 | >=7.8.0.0<7.8.1.6 | |
| IBM Storwize V5000 | >=8.1.1.0<8.1.1.2 | |
| IBM Storwize V5000 | >=8.1.2.0<8.1.2.1 | |
| IBM Storwize | ||
| IBM Storwize V3700 Firmware | >=6.1.0.0<7.5.0.14 | |
| IBM Storwize V3700 Firmware | >=7.7.0.0<7.7.1.9 | |
| IBM Storwize V3700 Firmware | >=7.8.0.0<7.8.1.6 | |
| IBM Storwize V3700 Firmware | >=8.1.1.0<8.1.1.2 | |
| IBM Storwize V3700 Firmware | >=8.1.2.0<8.1.2.1 | |
| IBM Storwize | ||
| IBM Storwize V3500 Software | >=6.1.0.0<7.5.0.14 | |
| IBM Storwize V3500 Software | >=7.7.0.0<7.7.1.9 | |
| IBM Storwize V3500 Software | >=7.8.0.0<7.8.1.6 | |
| IBM Storwize V3500 Software | >=8.1.1.0<8.1.1.2 | |
| IBM Storwize V3500 Software | >=8.1.2.0<8.1.2.1 | |
| IBM Storwize V3500 Software | ||
| IBM Storwize V9000 | >=6.1.0.0<7.5.0.14 | |
| IBM Storwize V9000 | >=7.7.0.0<7.7.1.9 | |
| IBM Storwize V9000 | >=7.8.0.0<7.8.1.6 | |
| IBM Storwize V9000 | >=8.1.1.0<8.1.1.2 | |
| IBM Storwize V9000 | >=8.1.2.0<8.1.2.1 | |
| IBM Storwize | ||
| IBM SAN Volume Controller Firmware | >=6.1.0.0<7.5.0.14 | |
| IBM SAN Volume Controller Firmware | >=7.7.0.0<7.7.1.9 | |
| IBM SAN Volume Controller Firmware | >=7.8.0.0<7.8.1.6 | |
| IBM SAN Volume Controller Firmware | >=8.1.1.0<8.1.1.2 | |
| IBM SAN Volume Controller Firmware | >=8.1.2.0<8.1.2.1 | |
| IBM SAN Volume Controller Firmware | ||
| IBM Storage Virtualize | >=6.1.0.0<7.5.0.14 | |
| IBM Storage Virtualize | >=7.7.0.0<7.7.1.9 | |
| IBM Storage Virtualize | >=7.8.0.0<7.8.1.6 | |
| IBM Storage Virtualize | >=8.1.1.0<8.1.1.2 | |
| IBM Storage Virtualize | >=8.1.2.0<8.1.2.1 | |
| IBM Spectrum Virtualize | >=6.1.0.0<7.5.0.14 | |
| IBM Spectrum Virtualize | >=7.7.0.0<7.7.1.9 | |
| IBM Spectrum Virtualize | >=7.8.0.0<7.8.1.6 | |
| IBM Spectrum Virtualize | >=8.1.1.0<8.1.1.2 | |
| IBM Spectrum Virtualize | >=8.1.2.0<8.1.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-1466?
CVE-2018-1466 is classified as a high severity vulnerability.
How do I fix CVE-2018-1466?
To address CVE-2018-1466, upgrade your IBM SAN Volume Controller or IBM Storwize products to the latest firmware version.
What products are affected by CVE-2018-1466?
CVE-2018-1466 affects multiple IBM products including IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem across various firmware versions.
What type of vulnerability is CVE-2018-1466?
CVE-2018-1466 involves the use of weaker than expected cryptographic algorithms.
Can CVE-2018-1466 allow data breaches?
Yes, CVE-2018-1466 could potentially allow an attacker to decrypt highly sensitive information.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm storwize unified v7000
- version/ibm storwize unified v7000/6.1.0.0
- version/ibm storwize unified v7000/7.7.0.0
- version/ibm storwize unified v7000/7.8.0.0
- version/ibm storwize unified v7000/8.1.1.0
- version/ibm storwize unified v7000/8.1.2.0
- canonical/ibm storwize v5000
- version/ibm storwize v5000/6.1.0.0
- version/ibm storwize v5000/7.7.0.0
- version/ibm storwize v5000/7.8.0.0
- version/ibm storwize v5000/8.1.1.0
- version/ibm storwize v5000/8.1.2.0
- canonical/ibm storwize
- canonical/ibm storwize v3700 firmware
- version/ibm storwize v3700 firmware/6.1.0.0
- version/ibm storwize v3700 firmware/7.7.0.0
- version/ibm storwize v3700 firmware/7.8.0.0
- version/ibm storwize v3700 firmware/8.1.1.0
- version/ibm storwize v3700 firmware/8.1.2.0
- canonical/ibm storwize v3500 software
- version/ibm storwize v3500 software/6.1.0.0
- version/ibm storwize v3500 software/7.7.0.0
- version/ibm storwize v3500 software/7.8.0.0
- version/ibm storwize v3500 software/8.1.1.0
- version/ibm storwize v3500 software/8.1.2.0
- canonical/ibm storwize v9000
- version/ibm storwize v9000/6.1.0.0
- version/ibm storwize v9000/7.7.0.0
- version/ibm storwize v9000/7.8.0.0
- version/ibm storwize v9000/8.1.1.0
- version/ibm storwize v9000/8.1.2.0
- canonical/ibm san volume controller firmware
- version/ibm san volume controller firmware/6.1.0.0
- version/ibm san volume controller firmware/7.7.0.0
- version/ibm san volume controller firmware/7.8.0.0
- version/ibm san volume controller firmware/8.1.1.0
- version/ibm san volume controller firmware/8.1.2.0
- canonical/ibm storage virtualize
- version/ibm storage virtualize/6.1.0.0
- version/ibm storage virtualize/7.7.0.0
- version/ibm storage virtualize/7.8.0.0
- version/ibm storage virtualize/8.1.1.0
- version/ibm storage virtualize/8.1.2.0
- canonical/ibm spectrum virtualize
- version/ibm spectrum virtualize/6.1.0.0
- version/ibm spectrum virtualize/7.7.0.0
- version/ibm spectrum virtualize/7.8.0.0
- version/ibm spectrum virtualize/8.1.1.0
- version/ibm spectrum virtualize/8.1.2.0