Executive Summary

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.

Why It Matters

CVE-1999-1324 is rated CRITICAL severity, requiring immediate attention from security teams.

CVSS Base Score: 9.8/10

Affected Technologies

Vendors: hp

Products: openvms_vax

🛡️What Defenders Should Check

Check if you are affected — Review your asset inventory for products listed in CVE-1999-1324.

Apply available patches — Visit vendor advisories for the latest security updates.

Monitor for exploitation — Check your SIEM/IDS logs for related indicators.

Use Vulnios to continuously monitor your exposure to CVE-1999-1324 and similar vulnerabilities.

References & Sources

http://ciac.llnl.gov/ciac/bulletins/d-06.shtml

https://exchange.xforce.ibmcloud.com/vulnerabilities/7225

http://ciac.llnl.gov/ciac/bulletins/d-06.shtml

https://exchange.xforce.ibmcloud.com/vulnerabilities/7225

AI Security Advisor

Get AI-powered security recommendations tailored to this specific threat — including risk assessment, detection guidance, MITRE ATT&CK mapping, and actionable remediation steps.

Affected Products

openvms_vax

Sources

NVD / NIST

critical

Protect Your Organization

Monitor CVEs, scan for vulnerabilities, and get real-time threat alerts — all in one platform.

Get Started Free Free Security Scan OSINT Dashboard

Get instant alerts on Telegram

Join our public channel for real-time critical CVE alerts.

Follow @vulnios

Critical Vulnerability: CVE-1999-1324 — hp — openvms_vax