Vulnerabilities > CVE-2020-4891 - Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Spectrum Scale

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

ibm

CWE-307

NVD

Published: 2021-03-16

Updated: 2021-03-22

Summary

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Spectrum Scale 5.1.0.0 IBM Spectrum Scale 5.1.0.1 IBM Spectrum Scale 5.1.0.2 IBM Spectrum Scale 5.0.2.2	4

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/190974
https://www.ibm.com/support/pages/node/6430147