Weak Password Enforcement in IBM Security Guardium Versions 10.0 to 10.1.4
CVE-2017-1601

9.8CRITICAL

Key Information:

Vendor

IBM
Status
Security Guardium Database Activity Monitor
Vendor
CVE Published:
2 May 2018

What is CVE-2017-1601?

IBM Security Guardium versions 10.0 through 10.1.4 allow users to create accounts without enforcing strong password policies by default. This lack of robust password requirements can leave user accounts vulnerable to unauthorized access, enabling potential attackers to compromise sensitive data. The issue affects several versions of the product and is critical for users to address to mitigate risks associated with database security.

References

http://www.ibm.com/support/docview.wss?uid=swg22014230
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/132624
vdb-entryx_refsource_XF
http://www.securitytracker.com/id/1040899
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.