7.1.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ibm

NVD

Published: 2015-10-04

Updated: 2015-10-05

Summary

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack. <a href="https://cwe.mitre.org/data/definitions/307.html">CWE-307: Improper Restriction of Excessive Authentication Attempts</a>

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Websphere Extreme Scale 7.1.0 IBM Websphere Extreme Scale 7.1.0.2 IBM Websphere Extreme Scale 7.1.1	3

References

http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105
http://www-01.ibm.com/support/docview.wss?uid=swg21966044