Weak Password Enforcement in IBM Tivoli Endpoint Manager
CVE-2017-1221
9.8CRITICAL
Summary
IBM Tivoli Endpoint Manager, specifically in versions 9.2 and 9.5, allows for weak password configurations by default, increasing the risk of unauthorized access to user accounts. Without enforcing strong password policies, attackers may easily compromise accounts, posing a significant threat to the security of sensitive data managed by the software. Proper configurations and updates are essential to mitigate potential exploitation of these vulnerabilities.
Affected Version(s)
BigFix Platform 9.2
BigFix Platform 9.5
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved