2 matches found
Security Bulletin: IBM Cúram Social Program Management when not configured with LDAP or SSO may be vulnerable to denial of service (CVE-2014-6092).
Summary: Default authentication methods in IBM Curam Social Program Management do not allow for a per-user account lockout policy and instead employ a single, system-wide policy. For most users of the system, a low lockout threshold is desirable. However, for users used to integrate with another...
CVE-2014-6092
CVE-2014-6092 affects IBM Curam SPM prior to SP6 EP6 (5.2 SP6 EP6; 6.0 SP2 EP26; 6.0.4 prior to 6.0.4.6; 6.0.5 prior to 6.0.5.6). The issue is that failed-login handling for web-service accounts does not enforce the same lockout policy as standard user accounts, enabling an attacker with knowledg...