Description
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101683
Issue Tracking, VDB Entry, Vendor Advisory x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/123861
Issue Tracking, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg22010177
Scores
CVSS v3
9.8
EPSS
0.0158
EPSS Percentile
72.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-521
Status
published
Products (4)
IBM/BigFix Platform
9.2
IBM/BigFix Platform
9.5
ibm/bigfix_platform
9.2
ibm/bigfix_platform
9.5
Published
Nov 13, 2017
Tracked Since
Feb 18, 2026