Vulnerabilities > CVE-2015-5010 - 7PK - Security Features vulnerability in IBM products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV80694
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV80694
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV80728
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV80728
- http://www-01.ibm.com/support/docview.wss?uid=swg21970508
- http://www-01.ibm.com/support/docview.wss?uid=swg21970508