5.2.4

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

ibm

CWE-255

NVD

Published: 2014-10-26

Updated: 2017-09-08

Summary

The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Sterling B2B Integrator 5.2 IBM Sterling B2B Integrator 5.2.4	2

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IT03935
http://www-01.ibm.com/support/docview.wss?uid=swg1IT03936
https://exchange.xforce.ibmcloud.com/vulnerabilities/96004
https://www-01.ibm.com/support/docview.wss?uid=swg21685345