CVE-2013-3040

Name of the Vulnerable Software and Affected Versions IBM InfoSphere Information Server versions prior to 8.5 FP4 IBM InfoSphere Information Server versions 8.7 through FP2 IBM InfoSphere Information Server version 9.1

Description The issue allows remote attackers to enumerate user accounts via a brute-force attack, as login-failure messages indicate whether the username or password is incorrect.

Recommendations For IBM InfoSphere Information Server versions prior to 8.5 FP4, update to version 8.5 FP4 or later. For IBM InfoSphere Information Server versions 8.7 through FP2, update to version 8.7 FP3 or later. For IBM InfoSphere Information Server version 9.1, update to a newer version that addresses this issue. As a temporary workaround, consider restricting access to the login functionality to minimize the risk of exploitation.