7.5
CVE-2019-4565
- EPSS 0.21%
- Veröffentlicht 20.09.2019 16:15:13
- Zuletzt bearbeitet 21.11.2024 04:43:44
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginIBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Security Key Lifecycle Manager Version >= 3.0 <= 3.0.0.2
Ibm ≫ Security Key Lifecycle Manager Version >= 3.0.1 <= 3.0.1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.426 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| psirt@us.ibm.com | 5.9 | 2.2 | 3.6 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-521 Weak Password Requirements
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.