Weak Password Enforcement in IBM Security Guardium Versions 10.0 to 10.1.4
CVE-2017-1601
9.8 CRITICAL
Key Information:
- Vendor: IBM
- CVE Published: 2 May 2018
Summary
IBM Security Guardium versions 10.0 through 10.1.4 do not enforce strong password policies by default, so users can create accounts with weak passwords. Without robust password requirements, user accounts are vulnerable to unauthorized access, which could let attackers compromise sensitive data. The issue affects several versions of the product, and it is critical that users address it to mitigate the associated database security risks.
CVSS V3.1
- Score: 9.8
- Severity: CRITICAL
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved