7.3

CVE-2023-43016

IBM Security Access Manager Container unauthorized access

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password.  IBM X-Force ID:  266154.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmSecurity Verify Access Version >= 10.0.0.0 <= 10.0.6.1
IbmSecurity Verify Access Docker Version >= 10.0.0.0 <= 10.0.6.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.71% 0.487
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.3 3.9 3.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
psirt@us.ibm.com 7.3 3.9 3.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-258 Empty Password in Configuration File

Using an empty string as a password is insecure.

CWE-521 Weak Password Requirements

The product does not require that users should have strong passwords.

https://www.ibm.com/support/pages/node/7106586
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/266154
Vendor Advisory
VDB Entry
http://seclists.org/fulldisclosure/2024/Nov/0