2 matches found
Security Bulletin: IBM Security Access Manager for Web does not enforce account lockouts (CVE-2015-5010)
Summary IBM Security Access Manager for Web does not enforce account lockouts after a certain number of failed login attempts. A remote attacker could use a brute force attack to determine the login credentials for the administrator. Vulnerability Details CVEID: CVE-2015-5010 DESCRIPTION: IBM...
CVE-2015-5010
IBM Security Access Manager for Web is affected: 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 lack an account lockout after failed logins, enabling brute-force access from remote attackers. Remediation exists in the connected IBM advisories: apply Interim Fix 21 for 7...