Inadequate Account Lockout Settings in IBM BigFix Platform
CVE-2018-1475

9.8CRITICAL

Key Information:

Vendor
IBM
Vendor
CVE Published:
27 April 2018

Summary

The IBM BigFix Platform versions 9.2 and 9.5 are susceptible to a security risk due to insufficient account lockout settings. This vulnerability allows potential attackers to exploit the design flaw and execute brute force attempts on user account credentials, thereby compromising the integrity of system access. Proper configuration is essential to mitigate these risks and safeguard against unauthorized access. For more details, refer to the support documentation and vulnerability database.

Affected Version(s)

BigFix Platform 9.2

BigFix Platform 9.5

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.