exploitDog

CVE-2023-25681

Опубликовано: 05 мар. 2024

Источник: nvd

CVSS3: 5.3

CVSS3: 6.5

EPSS Низкий

Описание

LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/247033
Vendor Advisory
https://www.ibm.com/support/pages/node/6962203
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/247033
Vendor Advisory
https://www.ibm.com/support/pages/node/6962203
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:spectrum_virtualize:8.5.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00035

Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-308

Связанные уязвимости

GHSA-gfgq-4pqr-j2gw

CVSS3: 5.3

github

почти 2 года назад

LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033.

EPSS

Процентиль: 10%

0.00035

Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-308