CVE-2023-43016

HIGH Year: 2023
CVSS v3 Score
7.3
High
Weakness Type
CWE-258
View all →

Vulnerability Description

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154.

Related Vulnerabilities

CVE-2020-29478

HIGH
CVSS:7.5(High)

CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition.

CWE-2582020

CVE-2024-35137

MEDIUM
CVSS:6.2(Medium)

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292...

CWE-2582024

CVE-2024-28744

HIGH
CVSS:8.8(High)

The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product wi...

CWE-2582024

CVE-2018-17914

CRITICAL
CVSS:9.8(Critical)

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely ex...

CWE-2582018

CVE-2019-5021

CRITICAL
CVSS:9.8(Critical)

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015...

CWE-2582019

CVE-2023-39439

CRITICAL
CVSS:9.8(Critical)

SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.

CWE-2582023