Total
371 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38890 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Sterling Connect\, Linux Kernel and 2 more | 2024-09-17 | 7.5 High |
| IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507. | ||||
| CVE-2021-20415 | 1 Ibm | 1 Guardium Data Encryption | 2024-09-17 | 7.5 High |
| IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217. | ||||
| CVE-2019-3766 | 1 Dell | 1 Emc Elastic Cloud Storage | 2024-09-17 | 9.8 Critical |
| Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts. | ||||
| CVE-2018-11082 | 1 Pivotal Software | 2 Cloudfoundry Uaa, Cloudfoundry Uaa Release | 2024-09-17 | N/A |
| Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user. | ||||
| CVE-2018-15759 | 1 Pivotal Software | 2 Broker Api, On Demand Services Sdk | 2024-09-17 | N/A |
| Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations. | ||||
| CVE-2021-1311 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2024-09-17 | 5.4 Medium |
| A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting. | ||||
| CVE-2019-3746 | 1 Dell | 5 Emc Idpa Dp4400, Emc Idpa Dp5800, Emc Idpa Dp8300 and 2 more | 2024-09-17 | 8.8 High |
| Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system. | ||||
| CVE-2019-4310 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-09-17 | 7.5 High |
| IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036. | ||||
| CVE-2020-4193 | 1 Ibm | 1 Security Guardium | 2024-09-17 | 9.8 Critical |
| IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 174857. | ||||
| CVE-2022-29084 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-09-17 | 8.1 High |
| Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users. | ||||
| CVE-2021-29842 | 1 Ibm | 1 Websphere Application Server | 2024-09-17 | 5.3 Medium |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. | ||||
| CVE-2022-22496 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect Server, Linux Kernel and 1 more | 2024-09-17 | 6.5 Medium |
| While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942. | ||||
| CVE-2018-1373 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-09-17 | N/A |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 137773. | ||||
| CVE-2020-25196 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2024-09-17 | 9.8 Critical |
| The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. | ||||
| CVE-2020-4891 | 1 Ibm | 1 Spectrum Scale | 2024-09-17 | 5.5 Medium |
| IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974. | ||||
| CVE-2022-22485 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect Operations Center, Linux Kernel and 1 more | 2024-09-17 | 9.8 Critical |
| In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325. | ||||
| CVE-2020-1616 | 1 Juniper | 2 Advanced Threat Protection, Virtual Advanced Threat Protection | 2024-09-17 | 5.3 Medium |
| Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0. | ||||
| CVE-2019-4068 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-09-16 | 7.5 High |
| IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013. | ||||
| CVE-2017-15887 | 1 Synology | 1 Carddav Server | 2024-09-16 | N/A |
| An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack. | ||||
| CVE-2022-36781 | 1 Connectwise | 1 Screenconnect | 2024-09-16 | 5.3 Medium |
| ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this vulnerability to gain unauthorized access by repeatedly attempting access code combinations. ConnectWise has addressed this issue in later versions by implementing rate-limiting controls as a preventive measure against brute force attacks. | ||||