CVE-2018-1545: Weak Encryption
First published: Wed Sep 26 2018(Updated: )
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Protect client | >=7.1.0.0<=7.1.8.2 | |
| IBM Spectrum Protect client | >=8.1.0.0<=8.1.4.1 | |
| Ibm Spectrum Protect For Virtual Environments | >=7.1.0.0<=7.1.8.0 | |
| Ibm Spectrum Protect For Virtual Environments | >=7.1.0.0<=7.1.8.2 | |
| Ibm Spectrum Protect For Virtual Environments | >=8.1.0.0<=8.1.4.0 | |
| Ibm Spectrum Protect For Virtual Environments | >=8.1.0.0<=8.1.4.1 | |
| IBM Spectrum Protect client | >=8.1.0.0<=8.1.4.2 | |
| Apple macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-1545?
The severity of CVE-2018-1545 is high with a severity value of 7.5.
Which versions of IBM Tivoli Storage Manager are affected by CVE-2018-1545?
IBM Tivoli Storage Manager (IBM Spectrum Protect) versions 7.1.0.0 to 7.1.8.2 and versions 8.1.0.0 to 8.1.4.2 are affected by CVE-2018-1545.
What are the vulnerable platforms for CVE-2018-1545?
The vulnerable platforms for CVE-2018-1545 are IBM Spectrum Protect client and IBM Spectrum Protect for Virtual Environments (Hyper-V and VMware).
What is the vulnerability description of CVE-2018-1545?
CVE-2018-1545 is a vulnerability in IBM Tivoli Storage Manager (IBM Spectrum Protect) that uses weaker than expected cryptographic algorithms, enabling attackers to decrypt highly sensitive information.
How can I fix CVE-2018-1545?
To fix CVE-2018-1545, it is recommended to update IBM Tivoli Storage Manager to a version that does not use weaker cryptographic algorithms.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm spectrum protect client
- version/ibm spectrum protect client/7.1.0.0
- version/ibm spectrum protect client/7.1.8.2
- version/ibm spectrum protect client/8.1.0.0
- version/ibm spectrum protect client/8.1.4.1
- canonical/ibm spectrum protect for virtual environments
- version/ibm spectrum protect for virtual environments/7.1.0.0
- version/ibm spectrum protect for virtual environments/7.1.8.0
- version/ibm spectrum protect for virtual environments/7.1.8.2
- version/ibm spectrum protect for virtual environments/8.1.0.0
- version/ibm spectrum protect for virtual environments/8.1.4.0
- version/ibm spectrum protect for virtual environments/8.1.4.1
- version/ibm spectrum protect client/8.1.4.2
- vendor/apple
- canonical/apple macos