IBM System Storage DS8900F (v89.*) Remote LDAP Anonymous Auth Vulnerability
CVE-2024-22326 Published on June 6, 2024

IBM System Storage improper authentication
IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection.   IBM X-Force ID: 279518.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2024-22326 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
LOW

Weakness Type

Missing Authentication for Critical Function

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.


Products Associated with CVE-2024-22326

Want to know whenever a new CVE is published for IBM Ds8900f Firmware? stack.watch will email you.

IBM Ds8900f Firmware
 

Affected Versions

IBM System Storage DS8900F Version 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, 89.40.93.0 is affected by CVE-2024-22326

Exploit Probability

EPSS
0.07%
Percentile
20.32%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.