CVE-2016-5997
First published: Mon Sep 26 2016(Updated: )
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Tealeaf Customer Experience | <=8.7 | |
| IBM Tealeaf Customer Experience | =8.8 | |
| IBM Tealeaf Customer Experience | =9.0.0 | |
| IBM Tealeaf Customer Experience | =9.0.1 | |
| IBM Tealeaf Customer Experience | =9.0.1a | |
| IBM Tealeaf Customer Experience | =9.0.2 | |
| IBM Tealeaf Customer Experience | =9.0.2a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm tealeaf customer experience
- version/ibm tealeaf customer experience/8.7
- version/ibm tealeaf customer experience/8.8
- version/ibm tealeaf customer experience/9.0.0
- version/ibm tealeaf customer experience/9.0.1
- version/ibm tealeaf customer experience/9.0.1a
- version/ibm tealeaf customer experience/9.0.2
- version/ibm tealeaf customer experience/9.0.2a