Vulnerability identifier: #VU64499
Vulnerability risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-307
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
IBM Spectrum Protect Operations Center
Server applications /
Other server solutions
Vendor: IBM Corporation
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper restriction of excessive authentication attempts. A remote unauthenticated attacker can exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
IBM Spectrum Protect Operations Center: 8.1.0 - 8.1.14.000
External links
http://exchange.xforce.ibmcloud.com/vulnerabilities/226325
http://www.ibm.com/support/pages/node/6595655
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.