ByteOS Network

NVD Vulnerability Details :

CVE-2018-1426

Modified

Source-psirt@us.ibm.com

Published At-22 Mar, 2018 | 12:29

Updated At-24 Aug, 2020 | 17:37

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	9.1	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Secondary	3.0	7.4	HIGH	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary	2.0	6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:P/A:N

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-335	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.ibm.com/support/docview.wss?uid=swg22013756	psirt@us.ibm.com	Vendor Advisory
http://www.securityfocus.com/bid/105580	psirt@us.ibm.com	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041012	psirt@us.ibm.com	VDB Entry Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/139071	psirt@us.ibm.com	VDB Entry Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History