Empty Password Vulnerability in IBM Security Access Manager Container Could Allow Remote User Logins
CVE-2023-43016
Key Information:
- Vendor: IBM
- CVE Published: 3 February 2024
What is CVE-2023-43016?
A vulnerability in IBM Security Access Manager may permit unauthorized remote access to the underlying server. The issue arises from user accounts configured with no password, which allows an attacker to authenticate without proper credentials. The affected products are IBM Security Verify Access Appliance and Docker, versions 10.0.0.0 through 10.0.6.1. Organizations using these products should review their account configuration practices to mitigate the risk of unauthorized logins and protect sensitive information.

Affected Version(s)
Security Verify Access Appliance 10.0.0.0 <= 10.0.6.1
Security Verify Access Docker 10.0.0.0 <= 10.0.6.1