Vulnerability Name: | CVE-2021-38890 (CCN-209507) | ||||||||||||
Assigned: | 2021-11-22 | ||||||||||||
Published: | 2021-11-22 | ||||||||||||
Updated: | 2021-11-29 | ||||||||||||
Summary: | IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507. | ||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
Vulnerability Type: | CWE-307 | ||||||||||||
Vulnerability Consequences: | Obtain Information | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2021-38890 Source: XF Type: UNKNOWN ibm-sterling-cve202138890-info-disc(209507) Source: XF Type: VDB Entry, Vendor Advisory ibm-sterling-cve202138890-info-disc (209507) Source: CCN Type: IBM Security Bulletin 6518586 (Connect:Direct Web Services) Account Lockout Vulnerability Affects IBM Sterling Connect:Direct Web Services (CVE-2021-38890) Source: CONFIRM Type: Patch, Vendor Advisory https://www.ibm.com/support/pages/node/6518586 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
BACK |