Sensitive Information Stored in Accessible Files
CVE-2023-31002

5.1MEDIUM

Key Information:

Vendor: IBM
Status: Security Verify Access Appliance; Security Verify Access Docker
Vendor: CVE Published:; 7 February 2024

What is CVE-2023-31002?

IBM Security Access Manager Container versions 10.0.0.0 to 10.0.6.1 exhibit a vulnerability where sensitive information is stored temporarily in files. This information can be accessed by a local user, potentially leading to unauthorized access to sensitive data. System administrators and security professionals should be aware of this issue and take appropriate measures to mitigate the risk.

Affected Version(s)

Security Verify Access Appliance 10.0.0.0 <= 10.0.6.1

Security Verify Access Docker 10.0.0.0 <= 10.0.6.1

References

https://www.ibm.com/support/pages/node/7106586

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/254657

vdb-entry

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 7, 2024
Vulnerability Reserved
Apr 21, 2023