CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
32.6%
IBM LKS Administration and Reporting Tool and Administration Agent does not require that users should have passwords of defined length by default, which makes it easier for attackers to compromise user accounts. This has been addressed in remediation section.
CVEID:CVE-2024-40697
**DESCRIPTION:**IBM Common Licensing does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297895 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Common Licensing | Agent 9.0 |
IBM Common Licensing | ART 9.0 |
Download and apply Interim Fix Pack IBM_Common_Licensing_ICL_9.0.0.1 from Fix Central
Users are strongly advised to update to the latest version (IBM Common Licensing 9.0.0.1) to mitigate any potential risks associated with this vulnerability.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | common_licensing | 9.0 | cpe:2.3:a:ibm:common_licensing:9.0:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
32.6%