CVE-2023-25681

LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033.

Published: Mar 5, 2024
Updated: May 4, 2025
CVE: CVE-2023-25681
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWEs:

CWE-308

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
ibm / spectrum_virtualize	8.5.0.0	8.5.0.0.x

https://exchange.xforce.ibmcloud.com/vulnerabilities/247033
https://www.ibm.com/support/pages/node/6962203

Vulnerability Database

289,697

CVE-2023-25681