{"api_version":"1","generated_at":"2026-05-01T09:36:15+00:00","cve":"CVE-2017-1597","urls":{"html":"https://cve.report/CVE-2017-1597","api":"https://cve.report/api/cve/CVE-2017-1597.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-1597","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-1597"},"summary":{"title":"CVE-2017-1597","description":"IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132610.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2018-12-17 16:29:00","updated_at":"2019-10-09 23:26:00"},"problem_types":["CWE-521"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/132610","name":"ibm-guardium-cve20171597-info-disc(132610)","refsource":"XF","tags":["VDB Entry","Vendor Advisory"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/106236","name":"106236","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"IBM Security Guardium Database Activity Monitor CVE-2017-1597 Security Weakness","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.ibm.com/support/docview.wss?uid=swg22014231","name":"https://www.ibm.com/support/docview.wss?uid=swg22014231","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by a Weak Passsword Policy vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-1597","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1597","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"1597","vulnerable":"1","versionEndIncluding":"10.5","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_guardium","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","DATE_PUBLIC":"2018-12-13T00:00:00","ID":"CVE-2017-1597","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Security Guardium","version":{"version_data":[{"version_value":"10.0"},{"version_value":"10.0.1"},{"version_value":"10.1"},{"version_value":"10.1.2"},{"version_value":"10.1.3"},{"version_value":"10.1.4"},{"version_value":"10.5"}]}}]},"vendor_name":"IBM"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132610."}]},"impact":{"cvssv3":{"BM":{"A":"N","AC":"H","AV":"N","C":"H","I":"N","PR":"N","S":"U","SCORE":"5.900","UI":"N"},"TM":{"E":"U","RC":"C","RL":"O"}}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Obtain Information"}]}]},"references":{"reference_data":[{"name":"106236","refsource":"BID","url":"http://www.securityfocus.com/bid/106236"},{"name":"https://www.ibm.com/support/docview.wss?uid=swg22014231","refsource":"CONFIRM","url":"https://www.ibm.com/support/docview.wss?uid=swg22014231"},{"name":"ibm-guardium-cve20171597-info-disc(132610)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/132610"}]}},"nvd":{"publishedDate":"2018-12-17 16:29:00","lastModifiedDate":"2019-10-09 23:26:00","problem_types":["CWE-521"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:security_guardium:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0","versionEndIncluding":"10.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"1597","Ordinal":"97670","Title":"CVE-2017-1597","CVE":"CVE-2017-1597","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"1597","Ordinal":"1","NoteData":"IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132610.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"1597","Ordinal":"2","NoteData":"2018-12-17","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"1597","Ordinal":"3","NoteData":"2018-12-19","Type":"Other","Title":"Modified"}]}}}