CVE-2020-4567
First published: Wed Jul 29 2020(Updated: )
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 184156.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Security Key Lifecycle Manager | =3.0.1 | |
| Ibm Security Key Lifecycle Manager | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2020-4567.
What is the severity of CVE-2020-4567?
The severity of CVE-2020-4567 is critical.
What is the affected software for CVE-2020-4567?
The affected software is IBM Tivoli Key Lifecycle Manager versions 3.0.1 and 4.0.
How does CVE-2020-4567 allow attackers to exploit the system?
CVE-2020-4567 allows remote attackers to brute force account credentials due to an inadequate account lockout setting.
Where can I find more information about CVE-2020-4567?
You can find more information about CVE-2020-4567 on the IBM X-Force ID: 184156 page and the IBM support page.
- collector/nvd-index
- agent/references
- agent/severity
- vendor/ibm
- canonical/ibm security key lifecycle manager
- version/ibm security key lifecycle manager/3.0.1
- version/ibm security key lifecycle manager/4.0