CVE Vulnerabilities

CVE-2023-25681

Use of Single-factor Authentication

Published: Mar 05, 2024 | Modified: Mar 04, 2025
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033.

Weakness

The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.

Affected Software

Name Vendor Start Version End Version
Spectrum_virtualize Ibm 8.5.0.0 (including) 8.5.0.0 (including)

Potential Mitigations

References