Inadequate Account Lockout in IBM Verify Gateway
CVE-2020-4400

7.5HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
22 July 2020

Summary

IBM Verify Gateway versions 1.0.0 and 1.0.1 have been found to possess a vulnerability stemming from inadequate account lockout settings. This weakness potentially enables remote attackers to perform brute force attacks on user account credentials, increasing the risk of unauthorized access to sensitive information.

Affected Version(s)

Verify Gateway (IVG) 1.0.0

Verify Gateway (IVG) 1.0.1

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.