CVE-2023-43016

Опубликовано: 03 фев. 2024

Источник: nvd

CVSS3: 7.3

EPSS Низкий

Описание

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/266154
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7106586
Patch
Vendor Advisory
http://seclists.org/fulldisclosure/2024/Nov/0
https://exchange.xforce.ibmcloud.com/vulnerabilities/266154
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7106586
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*

Версия от 10.0.0.0 (включая) до 10.0.6.1 (включая)

cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*

Версия от 10.0.0.0 (включая) до 10.0.6.1 (включая)

EPSS

Процентиль: 34%

0.00137

Низкий

7.3 High

CVSS3

Дефекты

CWE-258

CWE-521

Связанные уязвимости

GHSA-pvv5-7gwv-cvmf