IBM Security Bulletin: A vulnerability in GSKit and GSKit-Crypto affects IBM Performance Management products (CVE-2018-1447)

A vulnerability in GSKit and GSKit-Crypto affects IBM Performance Management products. The GSKit CMS KDB logic fails to salt the hash function, resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After updating, the customer should change the password to ensure that the new password is stored more securely. Products should encourage customers to take this step as a high-priority action.
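Why the missing salt matters, shown as an added example that is not IBM's or GSKit's code: SHA-256 and PBKDF2 stand in for the key database's password protection, which the bulletin does not specify, and the file names and passwords are constructed. Without a salt, equal passwords produce byte-identical stored values; with a random per-record salt they do not, and verification still works.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # constructed work factor for this example


def unsalted_digest(password):
    """Weak pattern: the stored value depends on the password alone."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def salted_record(password):
    """Store a random per-record salt next to a slow, salted derivation."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "derived": derived}


def verify(password, record):
    """Recompute with the record's own salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["derived"])


def shared_password_groups(stored):
    """Return groups of store names whose stored value is byte-identical."""
    groups = {}
    for name, value in stored.items():
        groups.setdefault(value, []).append(name)
    return [sorted(names) for names in groups.values() if len(names) > 1]


# Constructed sample: three key databases, two protected by the same password.
PASSWORDS = {
    "agent_a.kdb": "Spring2018!",
    "agent_b.kdb": "Spring2018!",
    "server.kdb": "x7#Lq9vT2m",
}

if __name__ == "__main__":
    unsalted = {n: unsalted_digest(p) for n, p in PASSWORDS.items()}
    salted = {n: salted_record(p)["derived"] for n, p in PASSWORDS.items()}
    print("unsalted, identical values:", shared_password_groups(unsalted))
    print("salted, identical values:  ", shared_password_groups(salted))
```

Because a record created before the fix keeps its old, unsalted value until the password is set again, the password change the bulletin asks for is what actually replaces it.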

CVE(s): CVE-2018-1447

Affected product(s) and affected version(s):

IBM Monitoring 8.1.3
IBM Advanced Diagnostics 8.1.3
IBM Application Performance Management 8.1.3
IBM Application Performance Management Advanced 8.1.3
IBM Application Performance Management, Base Private 8.1.4
IBM Application Performance Management, Advanced Private 8.1.4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22015283
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139972

The post IBM Security Bulletin: A vulnerability in GSKit and GSKit-Crypto affects IBM Performance Management products (CVE-2018-1447) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2ADH05Z