IBM Common Licensing 9.0 Flaws Make User Accounts Easier to Compromise
CVE-2024-40697

7.5HIGH

Key Information:

Vendor: IBM
Status: Common Licensing
Vendor: CVE Published:; 13 August 2024

What is CVE-2024-40697?

IBM Common Licensing 9.0 has a notable vulnerability that fails to enforce strong password requirements by default. This oversight allows attackers to more easily compromise user accounts, posing a significant risk to users and their sensitive information. Organizations utilizing this version are strongly encouraged to review their password policies and implement stronger security measures to safeguard against unauthorized access.

Affected Version(s)

Common Licensing 9.0

References

https://www.ibm.com/support/pages/node/7165250

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/297895

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Jul 8, 2024