IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Security_identity_governance_and_intelligence | Ibm | 5.2 (including) | 5.2 (including) |
| Security_identity_governance_and_intelligence | Ibm | 5.2.1 (including) | 5.2.1 (including) |
| Security_identity_governance_and_intelligence | Ibm | 5.2.2 (including) | 5.2.2 (including) |
| Security_identity_governance_and_intelligence | Ibm | 5.2.2.1 (including) | 5.2.2.1 (including) |
| Security_identity_governance_and_intelligence | Ibm | 5.2.3 (including) | 5.2.3 (including) |
| Security_identity_governance_and_intelligence | Ibm | 5.2.3.1 (including) | 5.2.3.1 (including) |
| Security_identity_governance_and_intelligence | Ibm | 5.2.3.2 (including) | 5.2.3.2 (including) |