Empty Password Vulnerability in IBM Security Access Manager Container Could Allow Remote User Logins
CVE-2023-43016

7.3 HIGH

What is CVE-2023-43016?

A vulnerability exists within IBM Security Access Manager that may permit unauthorized remote access to the underlying server. This issue arises from the presence of user accounts configured with no password, allowing potential attackers to authenticate without proper credentials. The affected versions include IBM Security Verify Access Appliance and Docker from 10.0.0.0 to 10.0.6.1. Organizations utilizing these software products should review their account configuration practices to mitigate the risk of unauthorized logins and protect sensitive information.

Affected Version(s)

Security Verify Access Appliance: 10.0.0.0 through 10.0.6.1

Security Verify Access Docker: 10.0.0.0 through 10.0.6.1

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
