Brute Force Vulnerability in IBM Security Privileged Identity Manager Virtual Appliance
CVE-2016-5964

9.8CRITICAL

Key Information:

Vendor: IBM
Status: Privileged Identity Manager
Vendor: CVE Published:; 1 February 2017

Summary

The IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 has a flaw in its account lockout configurations. This weakness allows remote attackers to perform brute force attacks on user accounts, potentially compromising account credentials. Proper account lockout policies are essential to mitigate the risk of unauthorized access.

Affected Version(s)

Privileged Identity Manager 1.0.1

Privileged Identity Manager 1.0.1.1

Privileged Identity Manager 2.0.0

References

http://www.securityfocus.com/bid/94308

vdb-entryx_refsource_BID

http://www.ibm.com/support/docview.wss?uid=swg21994065

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 1, 2017
Vulnerability Reserved
Jun 29, 2016