CVE-2014-6099

2014-10-2618:00:00

ibm

www.cve.org

6.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.9%

JSON

The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach.

References

www-01.ibm.com/support/docview.wss?uid=swg1IT03935

www-01.ibm.com/support/docview.wss?uid=swg1IT03936

exchange.xforce.ibmcloud.com/vulnerabilities/96004

www-01.ibm.com/support/docview.wss?uid=swg21685345