CVE-2017-1601

IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.ibm.com/support/docview.wss?uid=swg22014230	Patch Vendor Advisory
http://www.securitytracker.com/id/1040899	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/132624	VDB Entry Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.0:::::::*
	cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.0.1:::::::*
	cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1:::::::*
	cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.2:::::::*
	cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.3:::::::*
	cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.4:::::::*

History

No history.

Information

Published : 2018-05-02 13:29

Updated : 2024-02-28 16:25

NVD link : CVE-2017-1601

Mitre link : CVE-2017-1601

CVE.ORG link : CVE-2017-1601

JSON object : View

Products Affected

ibm

security_guardium_database_activity_monitor

CWE

CWE-521

Weak Password Requirements

{"id": "CVE-2017-1601", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-05-02T13:29:00.287", "references": [{"url": "http://www.ibm.com/support/docview.wss?uid=swg22014230", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securitytracker.com/id/1040899", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132624", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624."}, {"lang": "es", "value": "En IBM Security Guardium 10.0, 10.0.1 y 10.1 hasta la 10.1.4, Database Activity Monitor no pide que los usuarios tengan contrase\u00f1as fuertes por defecto, lo que hace que sea m\u00e1s f\u00e1cil que los atacantes comprometan las cuentas de usuario. IBM X-Force ID: 132624."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29D81340-4C19-4425-8C66-49DD3455EDFA"}, {"criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DA18ADA-7A89-4DE1-B69C-CB687B8EEEFD"}, {"criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "812ADB6B-451E-41E6-938A-D21E97FB5014"}, {"criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05019805-EF93-4ECC-B49F-863D3933274B"}, {"criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A67C9351-52F7-437B-B947-BEDCE449C177"}, {"criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02D12512-3BA9-42A3-85A9-9E2A3900FE84"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}