CVE-2018-1447

CVE-2018-1447 is a medium-severity vulnerability in Ibm Spectrum Protect For Space Management with a CVSS 3.x base score of 5.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-916.

Key facts

Description

The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.

Frequently asked questions

What is CVE-2018-1447?
The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.
How severe is CVE-2018-1447?
CVE-2018-1447 has a CVSS 3.x base score of 5.1, rated medium severity. It is exploitable over local access with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
Is CVE-2018-1447 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (56th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2018-1447?
CVE-2018-1447 primarily affects Ibm Spectrum Protect For Space Management. In total, 3 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2018-1447?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2018-1447 published?
CVE-2018-1447 was published on 2018-04-04 and last updated on 2026-06-17.

References

Affected products (3)

More vulnerabilities in Ibm Spectrum Protect For Space Management

All CVEs affecting Ibm Spectrum Protect For Space Management →

Other CWE-916 vulnerabilities

Browse all CWE-916 vulnerabilities →