Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

DATE CVE VULNERABILITY TITLE RISK
2024-02-22 CVE-2024-1104 An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb the webservice for all users.
network
low complexity
CWE-307
7.5
2024-02-09 CVE-2023-45190 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-307
6.1
2024-02-09 CVE-2023-45191 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
2024-02-02 CVE-2023-38273 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Cloud PAK System
IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
2024-02-02 CVE-2023-50326 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
2024-01-25 CVE-2023-33759 Improper Restriction of Excessive Authentication Attempts vulnerability in Splicecom Maximiser Soft PBX
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack.
network
low complexity
splicecom CWE-307
critical
9.8
2024-01-22 CVE-2022-45790 Improper Restriction of Excessive Authentication Attempts vulnerability in Omron products
The Omron FINS protocol has an authenticated feature to prevent access to memory regions.
network
low complexity
omron CWE-307
critical
9.1
2024-01-18 CVE-2024-22317 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM APP Connect Enterprise
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts.
network
low complexity
ibm CWE-307
critical
9.1
2024-01-11 CVE-2023-50123 Improper Restriction of Excessive Authentication Attempts vulnerability in Hozard Alarm System 1.0
The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited.
network
high complexity
hozard CWE-307
8.1
2024-01-10 CVE-2023-49810 Improper Restriction of Excessive Authentication Attempts vulnerability in Wwbn Avideo 15Fed957Fb
A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb.
network
low complexity
wwbn CWE-307
6.5