PT-2016-6753 · Ibm · Ibm Tealeaf Customer Experience
Published
2016-09-26
·
Updated
2016-11-28
·
CVE-2016-5996
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Tealeaf Customer Experience versions prior to 8.7.1.8847 FP10
IBM Tealeaf Customer Experience versions prior to 8.8.0.9049 FP9
IBM Tealeaf Customer Experience version 9.0.0
IBM Tealeaf Customer Experience versions prior to 9.0.1.1117 FP5
IBM Tealeaf Customer Experience versions prior to 9.0.1.5108 9.0.1A FP5
IBM Tealeaf Customer Experience versions prior to 9.0.2.1223 FP3
IBM Tealeaf Customer Experience versions prior to 9.0.2.5224 9.0.2A FP3
Description
The issue is related to the lack of password-length restrictions in the web portal, making it easier for remote attackers to gain access via brute-force attacks.
Recommendations
For versions prior to 8.7.1.8847 FP10, update to 8.7.1.8847 FP10 or later.
For versions prior to 8.8.0.9049 FP9, update to 8.8.0.9049 FP9 or later.
For version 9.0.0, update to a later version.
For versions prior to 9.0.1.1117 FP5, update to 9.0.1.1117 FP5 or later.
For versions prior to 9.0.1.5108 9.0.1A FP5, update to 9.0.1.5108 9.0.1A FP5 or later.
For versions prior to 9.0.2.1223 FP3, update to 9.0.2.1223 FP3 or later.
For versions prior to 9.0.2.5224 9.0.2A FP3, update to 9.0.2.5224 9.0.2A FP3 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Tealeaf Customer Experience