CVE-2023-25681 — MEDIUM (5.3)

Vulnerability Description

LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Spectrum Virtualize	8.5.0.0

Related Weaknesses (CWE)

CWE-308

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/247033Vendor Advisory
https://www.ibm.com/support/pages/node/6962203Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/247033Vendor Advisory
https://www.ibm.com/support/pages/node/6962203Vendor Advisory

FAQ

What is CVE-2023-25681?

CVE-2023-25681 is a vulnerability with a CVSS score of 5.3 (MEDIUM). LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect ...

How severe is CVE-2023-25681?

CVE-2023-25681 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-25681?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Spectrum Virtualize.