Description
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 184156.
CVSS breakdown
CVSS 3.0
User Interaction
None
Privileges Required
None
Scope
Changed
Availability
None
Attack Complexity
Low
Confidentiality
High
Attack Vector
Network
Integrity
None
RL
O
RC
Changed
E
Unchanged
Affected products
- ibm / Security Key Lifecycle Manager3.0.1 – 3.0.1
- ibm / Security Key Lifecycle Manager4.0 – 4.0