A weak password algorithm in IBM Security Identity Manager Virtual Appliance in IBM Security Identity Manager Virtual Appliance - CVE-2016-0330
Published: July 11, 2016
Vulnerability identifier: #VU115
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-0330
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
IBM Security Identity Manager Virtual Appliance
IBM Security Identity Manager Virtual Appliance
Detailed vulnerability description
The vulnerability allows a local user to gain access to the system.
The vulnerability exists due to weak password algorithm in IBM Security Identity Manager Virtual Appliance. This allows users to create insecure passwords. An attacker can exploit this vulnerability to gain access to the system.
Successful exploitation of this vulnerability may result in disclosure of user information.
The vulnerability exists due to weak password algorithm in IBM Security Identity Manager Virtual Appliance. This allows users to create insecure passwords. An attacker can exploit this vulnerability to gain access to the system.
Successful exploitation of this vulnerability may result in disclosure of user information.
How to mitigate CVE-2016-0330
IBM has issued a fix (7.0.1-ISS-SIM-FP0003).