IBM Security Access Manager Container information disclosure
CVE-2023-31001

5.5MEDIUM

Key Information:

Vendor: IBM
Status: Security Verify Access Appliance; Security Verify Access Docker
Vendor: CVE Published:; 11 January 2024

Summary

IBM Security Access Manager Container suffers from a vulnerability that temporarily saves sensitive user information in local files, which can be accessed by unauthorized local users. This exposure poses significant risks to the confidentiality and integrity of data stored within the system, necessitating immediate attention and remediation actions to safeguard against potential data breaches.

Affected Version(s)

Security Verify Access Appliance 10.0.0.0 <= 10.0.6.1

Security Verify Access Docker 10.0.0.0 <= 10.0.6.1

References

https://www.ibm.com/support/pages/node/7106586

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/254653

vdb-entry

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2024
Vulnerability Reserved
Apr 21, 2023