Description
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg22014230
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/132624
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040899
Scores
CVSS v3
9.8
EPSS
0.0253
EPSS Percentile
82.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-521
Status
published
Products (6)
ibm/security_guardium_database_activity_monitor
10.0
ibm/security_guardium_database_activity_monitor
10.0.1
ibm/security_guardium_database_activity_monitor
10.1
ibm/security_guardium_database_activity_monitor
10.1.2
ibm/security_guardium_database_activity_monitor
10.1.3
ibm/security_guardium_database_activity_monitor
10.1.4
Published
May 02, 2018
Tracked Since
Feb 18, 2026