CVE-2024-49342
BaseFortify
Publication date: 2025-07-28
Last updated on: 2025-08-06
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | informix_dynamic_server | 12.10 |
| ibm | informix_dynamic_server | 14.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Informix Dynamic Server 12.10 and 14.10 is due to an inadequate account lockout setting. It means the server does not effectively lock user accounts after multiple incorrect password attempts, allowing a remote attacker to repeatedly try different passwords (brute force attack) to gain unauthorized access to user credentials. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to your system because attackers can guess user credentials through brute force attacks without being locked out. This compromises the confidentiality of your data, as attackers may gain access to sensitive information. [1]
What immediate steps should I take to mitigate this vulnerability?
Users should download and apply the latest permanent fixes released by IBM, which are included in IBM Informix HQ versions 12.10.xC16W2, 14.10.xC11W1, and IBM Informix HQ version 3.0.0. It is recommended to follow the Informix Servers documentation for upgrading the database server. No workarounds or mitigations are provided. [1]