CVE-2016-0391

Loading...

General

Score:7.5/10.0
Severity:High
Category:Access Control Error

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Published on 02/07/16 - Updated on 07/07/16

Description

The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Category: Access Control Error

CWE-284 (Improper Access Control)
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Security Notices

US National Vulnerability DatabaseCVE-2016-0391

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
ibmwatson_developer_cloud

Share this vulnerability with:

Twitter Facebook LinkedIn Mail