PT-2016-6754 · Ibm · Ibm Tealeaf Customer Experience

Published

2016-09-26

·

Updated

2016-11-28

·

CVE-2016-5997

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions IBM Tealeaf Customer Experience versions prior to 8.7.1.8847 FP10 IBM Tealeaf Customer Experience versions prior to 8.8.0.9049 FP9 IBM Tealeaf Customer Experience version 9.0.0 IBM Tealeaf Customer Experience versions prior to 9.0.1.1117 FP5 IBM Tealeaf Customer Experience versions prior to 9.0.1.5108 9.0.1A FP5 IBM Tealeaf Customer Experience versions prior to 9.0.2.1223 FP3 IBM Tealeaf Customer Experience versions prior to 9.0.2.5224 9.0.2A FP3
Description The issue allows remote attackers to obtain access via a brute-force attack because the web portal does not apply password-quality rules to password changes.
Recommendations For versions prior to 8.7.1.8847 FP10, update to 8.7.1.8847 FP10 or later. For versions prior to 8.8.0.9049 FP9, update to 8.8.0.9049 FP9 or later. For version 9.0.0, update to a later version. For versions prior to 9.0.1.1117 FP5, update to 9.0.1.1117 FP5 or later. For versions prior to 9.0.1.5108 9.0.1A FP5, update to 9.0.1.5108 9.0.1A FP5 or later. For versions prior to 9.0.2.1223 FP3, update to 9.0.2.1223 FP3 or later. For versions prior to 9.0.2.5224 9.0.2A FP3, update to 9.0.2.5224 9.0.2A FP3 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-640

Related Identifiers

CVE-2016-5997

Affected Products

Ibm Tealeaf Customer Experience