IBM Security Access Manager Container Denial of Service Vulnerability
CVE-2023-30999

7.5HIGH

Key Information:

Vendor: IBM
Status: Security Verify Access Appliance; Security Verify Access Docker
Vendor: CVE Published:; 3 February 2024

What is CVE-2023-30999?

A vulnerability in the IBM Security Access Manager Container allows attackers to exploit uncontrolled resource consumption, which can lead to a denial of service. This issue affects both the IBM Security Verify Access Appliance and the IBM Security Verify Access Docker across specific versions, potentially compromising the availability of services relying on these products. Organizations leveraging these tools should review their configurations and updates to ensure they are safeguarded against this vulnerability.

Affected Version(s)

Security Verify Access Appliance 10.0.0.0 <= 10.0.6.1

Security Verify Access Docker 10.0.0.0 <= 10.0.6.1

References

https://www.ibm.com/support/pages/node/7106586

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/254651

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2024
Vulnerability Reserved
Apr 21, 2023