Weak Authentication and Default Credential Management in IBM Spectrum Copy Data Management
CVE-2021-39064

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Copy Data Management
Vendor: CVE Published:; 13 December 2021

Summary

IBM Spectrum Copy Data Management versions 2.2.13 and earlier are susceptible to vulnerabilities due to weak authentication mechanisms and inadequate handling of default credentials for the Admin console. This flaw could potentially allow unauthorized access, leading to further exploitation of the system. Proper security measures are essential to mitigate the risks associated with this vulnerability, particularly regarding password strength and authentication practices. Organizations utilizing these affected versions should assess their security configurations and implement stronger credential management procedures.

Affected Version(s)

Spectrum Copy Data Management 2.2.13

References

https://www.ibm.com/support/pages/node/6525554

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/214957

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2021
Vulnerability Reserved
Aug 16, 2021