CVE-2018-1447
CVE-2018-1447 is a medium-severity vulnerability in Ibm Spectrum Protect For Space Management with a CVSS 3.x base score of 5.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-916.
Key facts
- Severity: Medium (CVSS 3.x base score 5.1)
- CVSS v2: 5.0
- EPSS exploit prediction: 1% (56th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-916
- Affected product: Ibm Spectrum Protect For Space Management
- Published:
- Last modified:
Description
The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.
Frequently asked questions
- What is CVE-2018-1447?
- The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.
- How severe is CVE-2018-1447?
- CVE-2018-1447 has a CVSS 3.x base score of 5.1, rated medium severity. It is exploitable over local access with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2018-1447 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (56th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2018-1447?
- CVE-2018-1447 primarily affects Ibm Spectrum Protect For Space Management. In total, 3 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2018-1447?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2018-1447 published?
- CVE-2018-1447 was published on 2018-04-04 and last updated on 2026-06-17.
References
- http://www.ibm.com/support/docview.wss?uid=swg22014669
- http://www.ibm.com/support/docview.wss?uid=swg22014957
- http://www.ibm.com/support/docview.wss?uid=swg22015066
- http://www.ibm.com/support/docview.wss?uid=swg22015071
- http://www.securityfocus.com/bid/104511
- http://www.securitytracker.com/id/1041012
- https://exchange.xforce.ibmcloud.com/vulnerabilities/139972
Affected products (3)
- cpe:2.3:a:ibm:spectrum_protect_for_space_management:*:*:*:*:*:vmware:*:*
- cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments:*:*:*:*:*:vmware:*:*
- cpe:2.3:a:ibm:spectrum_protect_snapshot:*:*:*:*:*:vmware:*:*
More vulnerabilities in Ibm Spectrum Protect For Space Management
- CVE-2021-29672 — High (CVSS 7.8): IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper…
- CVE-2020-4494 — High (CVSS 7.5): IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum…
- CVE-2023-33832 — Medium (CVSS 6.2): IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to…
- CVE-2021-39048 — Medium (CVSS 5.5): IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds…
- CVE-2021-20546 — Medium (CVSS 5.5): IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper…
- CVE-2020-4406 — Medium (CVSS 5.4): IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum…
All CVEs affecting Ibm Spectrum Protect For Space Management →
Other CWE-916 vulnerabilities
- CVE-2020-14516 — Critical (CVSS 10.0): In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the…
- CVE-2026-30789 — Critical (CVSS 9.8): Use of Password Hash With Insufficient Computational Effort, Improper Restriction of Excessive Authentication Attempts…
- CVE-2024-5743 — Critical (CVSS 9.8): An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome…
- CVE-2021-36767 — Critical (CVSS 9.8): In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the…
- CVE-2021-32519 — Critical (CVSS 9.8): Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows…
- CVE-2019-17216 — Critical (CVSS 9.8): An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password…