IBM Informix Dynamic Server Account Brute Force Vulnerability

Vulnerability

A vulnerability exists in IBM Informix Dynamic Server versions 12.10 and 14.10, where an inadequate account lockout policy could enable remote attackers to brute force account credentials. The application fails to lock out users after multiple incorrect password attempts, allowing for repeated login attempts without restriction.
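
What the missing control would do, as an added example (not IBM's code and not part of the advisory): a sliding-window account lockout replayed over constructed login events. The thresholds, the `LockoutTracker` and `replay` names, and the sample events are assumptions for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Assumed policy values for illustration; the advisory names no thresholds.
MAX_FAILURES = 5        # failures tolerated inside the window
WINDOW_SECONDS = 300    # sliding window for counting failures
LOCK_SECONDS = 900      # how long an account stays locked


@dataclass
class LockoutTracker:
    failures: dict = field(default_factory=lambda: defaultdict(deque))
    locked_until: dict = field(default_factory=dict)

    def attempt(self, account: str, ts: int, password_ok: bool) -> str:
        """Return 'locked', 'denied' or 'granted' for one login attempt."""
        if ts < self.locked_until.get(account, 0):
            return "locked"          # rejected before the password is checked
        recent = self.failures[account]
        while recent and ts - recent[0] >= WINDOW_SECONDS:
            recent.popleft()         # forget failures older than the window
        if password_ok:
            recent.clear()
            return "granted"
        recent.append(ts)
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = ts + LOCK_SECONDS
            recent.clear()
        return "denied"


def replay(events):
    """Replay (ts, account, password_ok) events; count outcomes per account."""
    tracker = LockoutTracker()
    summary = defaultdict(lambda: {"granted": 0, "denied": 0, "locked": 0})
    for ts, account, ok in events:
        summary[account][tracker.attempt(account, ts, ok)] += 1
    return {k: dict(v) for k, v in summary.items()}


# Constructed sample: 40 attempts on 'dbadmin' at 2 s intervals, only the
# last one correct, plus an ordinary user ('alice') who mistypes once.
SAMPLE = [(t * 2, "dbadmin", t == 39) for t in range(40)]
SAMPLE += [(10, "alice", False), (20, "alice", True)]
SAMPLE.sort()

if __name__ == "__main__":
    for account, counts in replay(SAMPLE).items():
        print(account, counts)
```

With the lockout in place only the first five guesses against `dbadmin` reach the password check, and the correct 40th guess is rejected because the account is still locked; the ordinary user is unaffected.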

Impact

Exploitation of this vulnerability could lead to unauthorized access through successful credential brute forcing.

Remediation

Users can upgrade to IBM Informix HQ versions 12.10.xC16W2, 14.10.xC11W1, or Informix HQ version 3.0.0 to address this vulnerability. These fixes are available on IBM Fix Central. Follow the instructions for database server upgrades in the Informix Servers documentation.

Added: Jul 28, 2025, 4:22 PM
Updated: Jul 28, 2025, 4:22 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 5.0
exploitability: 7.0
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.