Overview
- Description
- IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309.
- Source
- psirt@us.ibm.com
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-255
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:endpoint_manager_for_remote_control:9.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E50BE84B-F203-411C-AAEE-1F0ECFF61839"
},
{
"criteria": "cpe:2.3:a:ibm:endpoint_manager_for_remote_control:9.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64B4383F-F25A-40E7-A3E2-C79D94F13957"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_remote_control:5.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C3BFA6A7-DA21-4DB1-829E-6CBF15AE19B6"
}
],
"operator": "OR"
}
]
}
]