CVE-2017-1601

{"id": "CVE-2017-1601", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-05-02T13:29:00.287", "references": [{"url": "http://www.ibm.com/support/docview.wss?uid=swg22014230", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securitytracker.com/id/1040899", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132624", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg22014230", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1040899", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132624", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624."}, {"lang": "es", "value": "En IBM Security Guardium 10.0, 10.0.1 y 10.1 hasta la 10.1.4, Database Activity Monitor no pide que los usuarios tengan contrase\u00f1as fuertes por defecto, lo que hace que sea m\u00e1s f\u00e1cil que los atacantes comprometan las cuentas de usuario. IBM X-Force ID: 132624."}], "lastModified": "2024-11-21T03:22:07.833", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29D81340-4C19-4425-8C66-49DD3455EDFA"}, {"criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DA18ADA-7A89-4DE1-B69C-CB687B8EEEFD"}, {"criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "812ADB6B-451E-41E6-938A-D21E97FB5014"}, {"criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05019805-EF93-4ECC-B49F-863D3933274B"}, {"criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A67C9351-52F7-437B-B947-BEDCE449C177"}, {"criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02D12512-3BA9-42A3-85A9-9E2A3900FE84"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}