IBM Security Access Manager Vulnerability Allows Root Access
CVE-2023-30997

7.8HIGH

Key Information:

Vendor: IBM
Status: Security Access Manager Docker
Vendor: CVE Published:; 27 June 2024

What is CVE-2023-30997?

A vulnerability in IBM Security Access Manager Docker versions 10.0.0.0 to 10.0.7.1 may allow a local user to gain unauthorized root access due to improperly configured access controls. This issue can expose sensitive data and compromise system integrity, necessitating immediate attention from administrators to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Security Access Manager Docker 10.0.0.0 <= 10.0.7.1

References

https://www.ibm.com/support/pages/node/7158790

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/254638

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2024
Vulnerability Reserved
Apr 21, 2023