Weak Password Policy in IBM Security Privileged Identity Manager Virtual Appliance
CVE-2018-1680

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Security Privileged Identity Manager
Vendor: CVE Published:; 2 April 2019

Summary

The IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is susceptible to security risks due to its default configuration, which does not enforce strong password requirements. This oversight can potentially allow attackers to easily gain unauthorized access to user accounts, putting sensitive data and systems at risk. It is crucial for users of this product to implement robust password policies to mitigate the associated security threats.

Affected Version(s)

Security Privileged Identity Manager 2.1.1

References

http://www.ibm.com/support/docview.wss?uid=ibm10879093

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/145236

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 2, 2019
Vulnerability Reserved
Dec 13, 2017