IBM Security Access Manager for Mobile 8.x prior to 8.0.1 and Security Access Manager for Web 7.x prior to 7.0.0 FP10 and 8.x prior to 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote malicious users to obtain admin access via a brute-force attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm security access manager for mobile 8.0 |
||
ibm security access manager for web 8.0 |
||
ibm security access manager for web 7.0 |