MEDIUM🇬🇧 English

CVE-2023-25681

CVSS 5.3v3.1pub. 2024-03-05upd. 2025-03-04

LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
  • IBM Spectrum Virtualize

    APP
    Ibm
    8.5.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-38969CRITICAL9.8ten sam produkt

IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reus...

CVE-2021-29873HIGH8.1ten sam produkt

IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial ...

CVE-2020-4686HIGH8.1ten sam produkt

IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges an...

CVE-2018-1438HIGH7.5ten sam produkt

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3,...

CVE-2018-1462HIGH7.6ten sam produkt

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3,...