Vulnerability Description
The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Sterling B2B Integrator | 5.2 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT03935
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT03936
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96004
- https://www-01.ibm.com/support/docview.wss?uid=swg21685345 (Vendor Advisory)
FAQ
What is CVE-2014-6099?
CVE-2014-6099 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to ob...
How severe is CVE-2014-6099?
CVE-2014-6099 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-6099?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Sterling B2B Integrator.