CVE-2016-5964

Description

IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

Affected products

• IBM Corporation / Privileged Identity Manager1.0.1 – 1.0.1
• IBM Corporation / Privileged Identity Manager1.0.1.1 – 1.0.1.1
• IBM Corporation / Privileged Identity Manager2.0.0 – 2.0.0
• IBM Corporation / Privileged Identity Manager2.0.1 – 2.0.1
• IBM Corporation / Privileged Identity Manager2.0.2 – 2.0.2
• IBM Corporation / Privileged Identity Manager2.1.0 – 2.1.0

References

• MISChttp://www.securityfocus.com/bid/94308
• MISChttp://www.ibm.com/support/docview.wss?uid=swg21994065