CVE-2024-22326 - OpenCVE

IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Force ID: 279518.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Ds8900f Firmware System Storage Ds8000 Management Console Firmware

Configuration 1 [-]

OR	cpe:2.3:o:ibm:ds8900f_firmware:89.22.19.0:::::::*
	cpe:2.3:o:ibm:ds8900f_firmware:89.30.68.0:::::::*
	cpe:2.3:o:ibm:ds8900f_firmware:89.32.40.0:::::::*
	cpe:2.3:o:ibm:ds8900f_firmware:89.33.48.0:::::::*
	cpe:2.3:o:ibm:ds8900f_firmware:89.40.83.0:::::::*
	cpe:2.3:o:ibm:ds8900f_firmware:89.40.93.0:::::::*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/279518
https://www.ibm.com/support/pages/node/7156621

History

Tue, 15 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ibm ds8900f Firmware
CPEs		cpe:2.3:o:ibm:ds8900f_firmware:89.22.19.0:::::::* cpe:2.3:o:ibm:ds8900f_firmware:89.30.68.0:::::::* cpe:2.3:o:ibm:ds8900f_firmware:89.32.40.0:::::::* cpe:2.3:o:ibm:ds8900f_firmware:89.33.48.0:::::::* cpe:2.3:o:ibm:ds8900f_firmware:89.40.83.0:::::::* cpe:2.3:o:ibm:ds8900f_firmware:89.40.93.0:::::::*
Vendors & Products		Ibm ds8900f Firmware

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-06-06T18:19:08.882Z

Updated: 2024-08-01T22:43:34.273Z

Reserved: 2024-01-08T23:42:07.732Z

Link: CVE-2024-22326

Vulnrichment

Updated: 2024-08-01T22:43:34.273Z

NVD

Status : Analyzed

Published: 2024-06-06T19:15:52.137

Modified: 2024-10-15T19:51:10.393

Link: CVE-2024-22326

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22326", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-01-08T23:42:07.732Z", "datePublished": "2024-06-06T18:19:08.882Z", "dateUpdated": "2024-08-01T22:43:34.273Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:o:ibm:system_storage_ds8000_management_console_firmware:89.22.19.0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:system_storage_ds8000_management_console_firmware:89.30.68.0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:system_storage_ds8000_management_console_firmware:89.32.40.0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:system_storage_ds8000_management_console_firmware:89.33.48.0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:system_storage_ds8000_management_console_firmware:89.40.83.0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:system_storage_ds8000_management_console_firmware:89.40.93.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "System Storage DS8900F", "vendor": "IBM", "versions": [{"status": "affected", "version": "89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, 89.40.93.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection.   IBM X-Force ID: 279518."}], "value": "IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. \u00a0 IBM X-Force ID: 279518."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-06-06T18:19:08.882Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7156621"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279518"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM System Storage improper authentication", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-06T20:31:32.504740Z", "id": "CVE-2024-22326", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T20:34:13.149Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.273Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7156621"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279518"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/7156621", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279518", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.273Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22326", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-06T20:31:32.504740Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T20:31:38.494Z"}}], "cna": {"title": "IBM System Storage improper authentication", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:o:ibm:system_storage_ds8000_management_console_firmware:89.22.19.0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:system_storage_ds8000_management_console_firmware:89.30.68.0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:system_storage_ds8000_management_console_firmware:89.32.40.0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:system_storage_ds8000_management_console_firmware:89.33.48.0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:system_storage_ds8000_management_console_firmware:89.40.83.0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:system_storage_ds8000_management_console_firmware:89.40.93.0:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "System Storage DS8900F", "versions": [{"status": "affected", "version": "89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, 89.40.93.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7156621", "tags": ["vendor-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279518", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. \u00a0 IBM X-Force ID: 279518.", "supportingMedia": [{"type": "text/html", "value": "IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection.   IBM X-Force ID: 279518.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-06-06T18:19:08.882Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22326", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:43:34.273Z", "dateReserved": "2024-01-08T23:42:07.732Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2024-06-06T18:19:08.882Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:ds8900f_firmware:89.22.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "A267414E-0859-4553-AD48-D2A64BE3A46B", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:ds8900f_firmware:89.30.68.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BE006ED-0B99-4246-8F7A-F29766B2972E", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:ds8900f_firmware:89.32.40.0:*:*:*:*:*:*:*", "matchCriteriaId": "02F52CB5-DFE0-490B-801A-714B46D03CDA", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:ds8900f_firmware:89.33.48.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E55E128-B1F1-4E1D-BA57-85DCA7AADEAB", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:ds8900f_firmware:89.40.83.0:*:*:*:*:*:*:*", "matchCriteriaId": "3ADADE10-E7D1-4FC6-B755-88CE28BFAADE", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:ds8900f_firmware:89.40.93.0:*:*:*:*:*:*:*", "matchCriteriaId": "919EDF00-BF73-4EE1-8D7F-2365C872C8E9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. \u00a0 IBM X-Force ID: 279518."}, {"lang": "es", "value": "IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0 y 89.40.93.0 podr\u00edan permitir a un usuario remoto crear una conexi\u00f3n LDAP con un nombre de usuario v\u00e1lido y una contrase\u00f1a vac\u00eda para establecer una conexi\u00f3n an\u00f3nima. ID de IBM X-Force: 279518."}], "id": "CVE-2024-22326", "lastModified": "2024-10-15T19:51:10.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2024-06-06T19:15:52.137", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279518"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7156621"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "psirt@us.ibm.com", "type": "Secondary"}]}