CVE-2023-25681

CWE-3083 documents3 sources
Severity
6.5MEDIUM
EPSS
0.0%
top 89.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Spectrum Virtualize
Timeline
PublishedMar 5

Description

LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-gfgq-4pqr-j2gw: LDAP users on IBM Spectrum Virtualize 82024-03-05
CVEList
IBM Spectrum Virtualize security bypass2024-03-05
CVE-2023-25681 (MEDIUM CVSS 6.5) | LDAP users on IBM Spectrum Virtuali | cvebase.io