IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HIBM Bigfix Inventory
APPIbm9.0 – 9.2.8 (bez)IBM License Metric Tool
APPIbm9.0 – 9.2.8 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
References
Related vulnerabilities
CVE-2016-8980HIGH8.1ten sam produkt
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE)...
CVE-2025-36351MEDIUM4.3ten sam produkt
IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in ...
CVE-2025-36352MEDIUM6.4ten sam produkt
IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. This vulnerability ...
CVE-2023-43044MEDIUM5.3ten sam produkt
IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker c...
CVE-2016-8962MEDIUM5.9ten sam produkt
IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it e...