PT-2017-12976 · Ibm · Ibm Spectrum Protect

Published

2017-10-05

Updated

2019-10-03

CVE-2017-1339

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Spectrum Protect versions 7.1 through 8.1

Description The issue concerns the use of weak encryption for passwords in IBM Spectrum Protect Server, which could allow a database administrator to decrypt client or administrator passwords. This may lead to information disclosure or a denial of service.

Recommendations For IBM Spectrum Protect versions 7.1 through 8.1, consider changing the password encryption method to a stronger one to prevent potential decryption by a database administrator. As a temporary workaround, restrict access to sensitive data and limit database administrator privileges until a more secure encryption method is implemented.

Fix

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327

Related Identifiers

CVE-2017-1339

Affected Products

Ibm Spectrum Protect

PT-2017-12976 · Ibm · Ibm Spectrum Protect

CVE-2017-1339

Weakness Enumeration

Related Identifiers

Affected Products

References · 6