Brute Force Vulnerability in IBM Security Privileged Identity Manager Virtual Appliance
CVE-2016-5964

9.8CRITICAL

Key Information:

Vendor
IBM
Vendor
CVE Published:
1 February 2017

Summary

The IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 has a flaw in its account lockout configurations. This weakness allows remote attackers to perform brute force attacks on user accounts, potentially compromising account credentials. Proper account lockout policies are essential to mitigate the risk of unauthorized access.

Affected Version(s)

Privileged Identity Manager 1.0.1

Privileged Identity Manager 1.0.1.1

Privileged Identity Manager 2.0.0

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.