IBM InfoSphere Information Server up to and including 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote malicious users to enumerate user accounts via a brute-force attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm infosphere information server 8.5.0.2 |
||
ibm infosphere information server 8.5.0.3 |
||
ibm infosphere information server 8.5 |
||
ibm infosphere information server 8.7 |
||
ibm infosphere information server 8.7.0.1 |
||
ibm infosphere information server 9.1 |
||
ibm infosphere information server 8.7.0.2 |
||
ibm infosphere information server 8.5.0.1 |