IBM Security Verify Access Vulnerability Could Leak Sensitive Information
CVE-2023-30430

5.5MEDIUM

Key Information:

Vendor: IBM
Status: Security Verify Access
Vendor: CVE Published:; 27 June 2024

Summary

IBM Security Verify Access versions 10.0.0 to 10.0.7.1 have a vulnerability that could enable a local user to access sensitive data from trace logs. This situation poses a risk as unauthorized personnel may exploit this access to retrieve critical user information without proper permissions, leading to potential privacy violations and exposure of confidential data. It is crucial for users of the affected versions to take immediate action to mitigate the risks associated with this vulnerability.

Affected Version(s)

Security Verify Access 10.0.0.0 <= 10.0.7.1

References

https://www.ibm.com/support/pages/node/7158789

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/252183

vdb-entry

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 27, 2024
Vulnerability Reserved
Apr 8, 2023