CVE-2023-38273

Description

IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

ibm / cloud_pak_system2.3.1.1, 2.3.2.0, 2.3.3.7 – 2.3.1.1, 2.3.2.0, 2.3.3.7

References

MISChttps://www.ibm.com/support/pages/node/7105357
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/260733