9.8
CVE-2024-40684
- EPSS 0.36%
- Veröffentlicht 27.05.2026 13:48:59
- Zuletzt bearbeitet 05.06.2026 18:57:45
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism
IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Operations Analytics Log Analysis Version1.3.5.0
Ibm ≫ Operations Analytics Log Analysis Version1.3.5.1
Ibm ≫ Operations Analytics Log Analysis Version1.3.5.2
Ibm ≫ Operations Analytics Log Analysis Version1.3.5.3
Ibm ≫ Operations Analytics Log Analysis Version1.3.6.0
Ibm ≫ Operations Analytics Log Analysis Version1.3.6.1
Ibm ≫ Operations Analytics Log Analysis Version1.3.7.0
Ibm ≫ Operations Analytics Log Analysis Version1.3.7.1
Ibm ≫ Operations Analytics Log Analysis Version1.3.7.2
Ibm ≫ Operations Analytics Log Analysis Version1.3.8.0
Ibm ≫ Operations Analytics Log Analysis Version1.3.8.1
Ibm ≫ Operations Analytics Log Analysis Version1.3.8.2
Ibm ≫ Operations Analytics Log Analysis Version1.3.8.3
Ibm ≫ Operations Analytics Log Analysis Version1.3.8.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.276 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@us.ibm.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-521 Weak Password Requirements
The product does not require that users should have strong passwords.
https://www.ibm.com/support/pages/node/7268536