Description

In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.

Related CPE's

a

ibm

spectrum_protect_operations_center

Vulnerable

o

ibm

aix

-

o

linux

linux_kernel

-

o

microsoft

windows

-

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/226325

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6595655

PatchVendor Advisory

Weaknesses

[email protected]

Primary
CWE-307

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-06-17T16:15:08.563

3 years ago

Last modified

2023-08-08T14:22:24.967

1 year ago