CVE-2016-5997

Published: Sep 26, 2016Modified: May 6, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack.

Affected (7)

Products: Ibm: Tealeaf Customer Experience

Ibm

1 product

Tealeaf Customer Experience

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Ibm Tealeaf Customer Experience	Up to 8.7
Ibm Tealeaf Customer Experience	Version 8.8
Ibm Tealeaf Customer Experience	Version 9.0.0
Ibm Tealeaf Customer Experience	Version 9.0.1
Ibm Tealeaf Customer Experience	Version 9.0.1a
Ibm Tealeaf Customer Experience	Version 9.0.2
Ibm Tealeaf Customer Experience	Version 9.0.2a

Related CWEs

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21990216

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/93144

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21990216

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/93144

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.