CVE-2019-4565

Description

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.

CVSS breakdown

CVSS 3.0

Availability

None

Scope

Unchanged

Privileges Required

None

User Interaction

None

Integrity

None

Attack Complexity

High

Confidentiality

High

Attack Vector

Network

Unchanged

Changed

Affected products

ibm / Security Key Lifecycle Manager3.0 – 3.0
ibm / Security Key Lifecycle Manager3.0.1 – 3.0.1

References

MISChttps://www.ibm.com/support/pages/security-bulletin-ibm-security-key-lifecycle-manager-uses-weak-password-policy-cve-2019-4565
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/166626