Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-40684
PUBLISHED
More InfoOfficial Page
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
View Known Exploited Vulnerability (KEV) details
Published At-27 May, 2026 | 13:48
Updated At-27 May, 2026 | 15:33
Rejected At-
▼CVE Numbering Authority (CNA)
IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

Affected Products
Vendor
IBM CorporationIBM
Product
Operations Analytics - Log Analysis
CPEs
  • cpe:2.3:a:ibm:operations_analytics___log_analysis:1.3.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:operations_analytics___log_analysis:1.3.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:operations_analytics___log_analysis:1.3.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:operations_analytics___log_analysis:1.3.8.0:*:*:*:*:*:*:*
Versions
Affected
  • From 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3 through 7.2.0.14 (semver)
  • 1.3.6.0, 1.3.6.1
  • 1.3.7.0, 1.3.7.1, 1.3.7.2
  • 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4
Problem Types
TypeCWE IDDescription
CWECWE-521CWE-521 Weak Password Requirements
Type: CWE
CWE ID: CWE-521
Description: CWE-521 Weak Password Requirements
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

None

Configurations
Workarounds

Implement the LDAP user registry in place of the database-managed custom user registry provided in Log Analysis. Refer to the link below for more information: * Configuring LDAP authentication in IBM Operations Analytics for Log Analysis 1.3.7 https://www.ibm.com/docs/en/oala/1.3.7 * Configuring LDAP authentication in IBM Operations Analytics for Log Analysis 1.3.8 https://www.ibm.com/docs/en/oala/1.3.8

Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7268536
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7268536
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found