CVE-2024-22326

Name of the Vulnerable Software and Affected Versions IBM System Storage DS8900F versions 89.22.19.0 through 89.40.93.0

Description The issue allows a remote user to create an LDAP connection with a valid username and an empty password, potentially establishing an anonymous connection.

Recommendations For versions 89.22.19.0 through 89.40.93.0, consider disabling LDAP connections that allow empty passwords as a temporary workaround until a patch is available. Restrict access to the LDAP connection module to minimize the risk of exploitation. Avoid using empty passwords in the affected LDAP connection until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.