Vulnerability Details : CVE-2023-25681
LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033.
Exploit prediction scoring system (EPSS) score for CVE-2023-25681
Probability of exploitation activity in the next 30 days: 0.04%
Percentile (the proportion of vulnerabilities that are scored at or less): ~7%
CVSS scores for CVE-2023-25681
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.6 | 3.6 | IBM Corporation | 2024-03-05 |
CWE ids for CVE-2023-25681
- The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. Assigned by: psirt@us.ibm.com (Primary)
References for CVE-2023-25681
- https://www.ibm.com/support/pages/node/6962203
  Security Bulletin: MFA may be bypassed for LDAP users in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
- https://exchange.xforce.ibmcloud.com/vulnerabilities/247033
  IBM Spectrum Virtualize security bypass CVE-2023-25681 Vulnerability Report