CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.
[
{
"product": "Identity Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "12.6 through 12.6 SP8"
},
{
"status": "affected",
"version": "14.0"
},
{
"status": "affected",
"version": "14.1"
}
]
}
]