What is CVE-2023-38369?

CVE-2023-38369 is a medium-severity vulnerability in Ibm Security Verify Access Appliance, classified under Weak Password Requirements. CVSS score: 6.2/10. Published 2024-02-07.

How severe is CVE-2023-38369?

Medium severity. CVSS v3 base score is 6.2 out of 10.

Vulnerability in Ibm Security Verify Access Appliance

CVE-2023-38369

IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196.

EPSS: 0.001 (17.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Ibm Security Verify Access Appliance — versions 10.0.0.0
Ibm Security Verify Access Docker — versions 10.0.0.0

Weakness classification (CWE)

CWE-521 — Weak Password Requirements

References

www.ibm.com/support/pages/node/7106586 (vendor-advisory)
exchange.xforce.ibmcloud.com/vulnerabilities/261196 (vdb-entry)

Frequently asked questions

What is CVE-2023-38369?: CVE-2023-38369 is a medium-severity vulnerability in Ibm Security Verify Access Appliance, classified under Weak Password Requirements. CVSS score: 6.2/10. Published 2024-02-07.
How severe is CVE-2023-38369?: Medium severity. CVSS v3 base score is 6.2 out of 10.