IBM License Metric Tool (ILMT) v9.x and IBM BigFix Inventory (BFI) v9.x were allowing attacker to conduct brute force dictionary attacks to bypass authentication due to a missing account lockout mechanism. The issue has been fixed in version 9.2.8.
CVE(s): CVE-2016-8964
Affected product(s) and affected version(s):
IBM License Metric Tool v9.x
IBM BigFix Inventory v9.x
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2uixCR8
X-Force Database: http://ift.tt/2uRlxzy
The post IBM Security Bulletin: Vulnerability in account lockout affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2016-8964) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2uiLOcZ
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.