PT-2023-20580 · Ibm · Ibm Security Guardium Data Encryption
Ben Goodspeed
+8
·
Published
2023-08-27
·
Updated
2023-08-29
·
CVE-2023-26271
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Security Guardium Data Encryption version 1.10.3
Description
The issue is related to an inadequate account lockout setting in IBM Security Guardium Data Encryption, which could allow a remote attacker to brute force account credentials. This could potentially lead to unauthorized access.
Recommendations
For version 1.10.3, consider implementing additional security measures to mitigate the risk of brute force attacks, such as temporarily restricting access to sensitive areas of the system or enhancing account lockout policies until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Restriction of Excessive Authentication Attempts
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Security Guardium Data Encryption