Account Lockout Vulnerability in IBM BigFix Inventory by IBM
CVE-2016-8964
9.8CRITICAL
Summary
IBM BigFix Inventory v9.2 is susceptible to an account lockout vulnerability due to inadequate settings, allowing remote attackers to execute brute force attacks and potentially gain unauthorized access to user accounts. This security flaw poses risks of credential theft and unauthorized control, highlighting the need for stronger account protection measures.
Affected Version(s)
BigFix Inventory 9.2
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved