Inadequate Account Lockout Settings in IBM BigFix Platform
CVE-2018-1475
9.8CRITICAL
Summary
The IBM BigFix Platform versions 9.2 and 9.5 are susceptible to a security risk due to insufficient account lockout settings. This vulnerability allows potential attackers to exploit the design flaw and execute brute force attempts on user account credentials, thereby compromising the integrity of system access. Proper configuration is essential to mitigate these risks and safeguard against unauthorized access. For more details, refer to the support documentation and vulnerability database.
Affected Version(s)
BigFix Platform 9.2
BigFix Platform 9.5
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved