CVE-2016-0922

Опубликовано: 18 сент. 2016

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack.

Ссылки

http://seclists.org/bugtraq/2016/Sep/17
Third Party Advisory
http://www.securityfocus.com/bid/92945
http://seclists.org/bugtraq/2016/Sep/17
Third Party Advisory
http://www.securityfocus.com/bid/92945

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:emc:vipr_srm:*:*:*:*:*:*:*:*

Версия до 3.7.1 (включая)

EPSS

Процентиль: 67%

0.00533

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-285

Связанные уязвимости

GHSA-rqwp-mcm8-rm59