Weak Password Enforcement in IBM Security Guardium Versions 10.0 to 10.1.4
CVE-2017-1601

9.8 CRITICAL

Key Information:

Vendor: IBM
CVE Published: 2 May 2018

Summary

IBM Security Guardium versions 10.0 through 10.1.4 do not enforce a strong password policy by default when user accounts are created. Accounts protected by weak passwords are vulnerable to unauthorized access, which could allow attackers to compromise sensitive data. The issue affects several versions of the product, and it is critical that users address it to mitigate the associated database security risks.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
