CVE-2017-1221

critical

Published 2017-11-13 · Modified 2026-05-13

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

5.0

VIR risk

9.8

Description

IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — https://exchange.xforce.ibmcloud.com/vulnerabilities/123861

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg22010177

Application impact

Vendor	Product	Versions	Fixed
ibm	bigfix_platform	`9.2`
ibm	bigfix_platform	`9.5`

References

http://www.ibm.com/support/docview.wss?uid=swg22010177
http://www.securityfocus.com/bid/101683
https://exchange.xforce.ibmcloud.com/vulnerabilities/123861
http://www.ibm.com/support/docview.wss?uid=swg22010177
http://www.securityfocus.com/bid/101683
https://exchange.xforce.ibmcloud.com/vulnerabilities/123861

CWEs

CWE-521

Verify integrity in audit chain (admin only). AS-IS.