Inadequate Account Lockout in IBM Verify Gateway
CVE-2020-4400
7.5HIGH
Summary
IBM Verify Gateway versions 1.0.0 and 1.0.1 have been found to possess a vulnerability stemming from inadequate account lockout settings. This weakness potentially enables remote attackers to perform brute force attacks on user account credentials, increasing the risk of unauthorized access to sensitive information.
Affected Version(s)
Verify Gateway (IVG) 1.0.0
Verify Gateway (IVG) 1.0.1
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved