CVE-2024-22326 MEDIUM

CVE-2024-22326: IBM System Storage improper authentication

Vendor Ibm
Product System Storage DS8900F
Weakness CWE-306 · Missing auth
Published June 6, 2024
Last update August 1, 2024

CVSS base score

5.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection.   IBM X-Force ID: 279518.

Key dates

02Disclosure timeline

June 6, 2024 CVE published
August 1, 2024 Record updated