CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
70.9%
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | security_access_manager_for_mobile | 8.0 | cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0:*:*:*:*:*:*:* |
ibm | security_access_manager_for_web | 7.0 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0:*:*:*:*:*:*:* |
ibm | security_access_manager_for_web | 8.0 | cpe:2.3:a:ibm:security_access_manager_for_web:8.0:*:*:*:*:*:*:* |