First published: Tue Apr 02 2019(Updated: )
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Security Privileged Identity Manager | =2.1.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-1680 has a medium severity rating due to the potential for unauthorized account access.
To fix CVE-2018-1680, implement strong password policies for user accounts in IBM Security Privileged Identity Manager.
CVE-2018-1680 affects users of IBM Security Privileged Identity Manager Virtual Appliance version 2.2.1 and earlier.
The impact of CVE-2018-1680 is an increased risk of account compromise due to weak password requirements.
IBM has provided guidance to address CVE-2018-1680, but users should check the latest documentation for specific patch details.