Account Lockout Vulnerability in IBM BigFix Inventory by IBM
CVE-2016-8964

9.8CRITICAL

Key Information:

Vendor
IBM
Vendor
CVE Published:
13 July 2017

Summary

IBM BigFix Inventory v9.2 is susceptible to an account lockout vulnerability due to inadequate settings, allowing remote attackers to execute brute force attacks and potentially gain unauthorized access to user accounts. This security flaw poses risks of credential theft and unauthorized control, highlighting the need for stronger account protection measures.

Affected Version(s)

BigFix Inventory 9.2

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.