Weak Password Policy in IBM PureApplication System
CVE-2019-4235

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Pureapplication System
Vendor: CVE Published:; 26 June 2019

Summary

IBM PureApplication System versions 2.2.3.0 through 2.2.5.3 lack a default requirement for strong passwords, making it easier for attackers to exploit user accounts. This vulnerability highlights the importance of enforcing robust authentication mechanisms to safeguard sensitive information from unauthorized access. To mitigate the risk, users are advised to implement a strong password policy and regularly update account credentials.

Affected Version(s)

PureApplication System 2.2.3.0

PureApplication System 2.2.3.1

PureApplication System 2.2.3.2

References

https://www-01.ibm.com/support/docview.wss?uid=ibm10885602

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/159417

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 26, 2019
Vulnerability Reserved
Jan 3, 2019