Brute Force Vulnerability in IBM Security Identity Manager Virtual Appliance
CVE-2016-0332

9.8CRITICAL

Key Information:

Vendor: IBM
Status: Security Identity Manager Virtual Appliance
Vendor: CVE Published:; 12 January 2018

Summary

IBM Security Identity Manager Virtual Appliance versions 7.0.0.0 through 7.0.1.0 prior to the 7.0.1-ISS-SIM-FP0001 update are susceptible to a brute force vulnerability. The system does not adequately restrict login attempts, allowing remote attackers to exploit this weakness and gain unauthorized access. This flaw highlights the importance of implementing robust security measures and controls to protect sensitive information from malicious efforts.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21981438

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/111695

vdb-entryx_refsource_XF

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 12, 2018
Vulnerability Reserved
Dec 8, 2015