Account Lockout Vulnerability in IBM BigFix Inventory by IBM
CVE-2016-8964

9.8CRITICAL

Key Information:

Vendor
IBM
Status
Bigfix Inventory
Vendor
CVE Published:
13 July 2017

Summary

IBM BigFix Inventory v9.2 is susceptible to an account lockout vulnerability due to inadequate settings, allowing remote attackers to execute brute force attacks and potentially gain unauthorized access to user accounts. This security flaw poses risks of credential theft and unauthorized control, highlighting the need for stronger account protection measures.

Affected Version(s)

BigFix Inventory 9.2

References

http://www.ibm.com/support/docview.wss?uid=swg21995024
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038919
vdb-entryx_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/118853
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.