IBM Security Directory Suite VA information disclosure
CVE-2022-32757

7.5HIGH

Key Information:

Vendor: IBM
Status: Security Directory Suite Va
Vendor: CVE Published:; 15 June 2023

Summary

IBM Security Directory Suite versions 8.0.1 through 8.0.1.19 are susceptible to a security flaw due to inadequate account lockout settings. This vulnerability could enable a remote attacker to perform brute force attacks on account credentials without facing sufficient deterrents. Organizations must ensure robust account lockout configurations are in place to mitigate the risk of credential compromise. For more details, refer to the vendor advisory and IBM X-Force ID 228510.

Affected Version(s)

Security Directory Suite VA 8.0.1 <= 8.0.1.19

References

https://www.ibm.com/support/pages/node/7001693

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/228510

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2023
Vulnerability Reserved
Jun 9, 2022