7PK - Security Features
IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 18.104.22.168 IF4, and 9.0 before 22.214.171.124 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
CWE-254 - Security Features
Security features are integrated into the application infrastructure to protect its resources and the trusted environment against a known exploit, threat, or vulnerability. However, flawed, disabled, or absent security features expose the application to a variety of attacks. This is a multidimensional vulnerability with broad potential impact. It can lead to defacement, confidentiality compromise, system takeover, etc.