Vulnerability in IBM BigFix Platform
CVE-2017-1221
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861.
EPSS: 0.003 (49.8th percentile).
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- IBM BigFix Platform — versions 9.5, 9.2
- Ibm Bigfix_platform — versions 9.2, 9.5
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2017-1221?
- CVE-2017-1221 is a critical-severity vulnerability in IBM BigFix Platform, classified under Weak Password Requirements. CVSS score: 9.8/10. Published 2017-11-13.
- How severe is CVE-2017-1221?
- Critical severity. CVSS v3 base score is 9.8 out of 10.