CVSS3: 5 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score: 5.6 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)

The updates indicated below have been released to address CVE-2024-22326 (Deny unauthenticated-bind LDAP connection request).
CVEID: CVE-2024-22326
**DESCRIPTION:** IBM System Storage DS8000 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279518 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
Affected Products/Versions guidance:
All versions of microcode for the DS8900F prior to and including the following version(s) are affected.
**Note 1:** CVE-2024-22326 only affects those DS8900F HMCs which connect to LDAP server(s) that allow unauthenticated BIND.
**Affected Product(s)** | **Version(s)**
---|---
R9.2 | 89.22.19.0
R9.3 | 89.30.68.0, 89.32.40.0, 89.33.48.0
R9.4 | 89.40.83.0, 89.40.93.0
Remediation/Fixes guidance:
DS8900F fixes are delivered in Microcode Bundle 89.41.23.0 R9.4 SP1.1
DS8900F customers should either schedule Remote Code Load (RCL) via <https://www.ibm.com/support/pages/ibm-remote-code-load> or contact IBM support, and request that 89.41.23.0 be applied to their systems.
NOTE: For the current recommended code releases, please see <https://www.ibm.com/support/pages/ds8000-code-recommendation>
Workarounds/Mitigation guidance:
IBM strongly recommends addressing the vulnerability now by upgrading to an LDAP server version that disables Unauthenticated Bind.