7.3
CVE-2023-43016
- EPSS 0.07%
- Veröffentlicht 03.02.2024 01:15:09
- Zuletzt bearbeitet 21.11.2024 08:23:37
- Quelle psirt@us.ibm.com
- Teams Watchlist Login
- Unerledigt Login
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Security Verify Access Version >= 10.0.0.0 <= 10.0.6.1
Ibm ≫ Security Verify Access Docker Version >= 10.0.0.0 <= 10.0.6.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.226 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| psirt@us.ibm.com | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-258 Empty Password in Configuration File
Using an empty string as a password is insecure.
CWE-521 Weak Password Requirements
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.