CVE-2023-25681

LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/247033
https://www.ibm.com/support/pages/node/6962203

Configurations

No configuration.

History

06 Mar 2024, 15:18

Type	Values Removed	Values Added
Summary		(es) Los usuarios de LDAP en IBM Spectrum Virtualize 8.5 que están configurados para requerir autenticación multifactor aún pueden autenticarse en la interfaz CIM utilizando solo el nombre de usuario y la contraseña. Esto no afecta a los usuarios locales con MFA configurado ni a los usuarios remotos que se autentican mediante el inicio de sesión único. ID de IBM X-Force: 247033.

05 Mar 2024, 20:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-05 20:16

Updated : 2024-03-06 15:18

NVD link : CVE-2023-25681

Mitre link : CVE-2023-25681

CVE.ORG link : CVE-2023-25681

JSON object : View

Products Affected

No product.

CWE

CWE-308

Use of Single-factor Authentication

5.3 /10