IBM Security Access Manager Container privilege escalation
CVE-2023-31003

7.8HIGH

Key Information:

Vendor: IBM
Status: Security Verify Access Appliance; Security Verify Access Docker
Vendor: CVE Published:; 11 January 2024

Summary

The IBM Security Access Manager, specifically within the IBM Security Verify Access Appliance and Docker versions, is susceptible to a flaw that may allow a local user to gain unauthorized root access. This vulnerability arises from improper access controls that fail to adequately secure administrative functionalities, potentially leading to serious implications for system integrity and sensitive data exposure. Organizations using the affected versions are strongly advised to review their deployment configurations and apply any available patches to mitigate risks associated with this vulnerability.

Affected Version(s)

Security Verify Access Appliance 10.0.0.0 <= 10.0.6.1

Security Verify Access Docker 10.0.0.0 <= 10.0.6.1

References

https://www.ibm.com/support/pages/node/7106586

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/254658

vdb-entry

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2024
Vulnerability Reserved
Apr 21, 2023