Remote Attack via Man-in-the-Middle Techniques
CVE-2023-31004

9CRITICAL

Key Information:

Vendor
IBM
Status
Security Verify Access Appliance
Security Verify Access Docker
Vendor
CVE Published:
3 February 2024

Summary

The vulnerability in IBM Security Access Manager Container enables remote attackers to exploit the system using man-in-the-middle techniques. Attackers can potentially gain unauthorized access to the underlying system, posing significant security risks to organizations relying on IBM Security Verify Access Appliance and Docker versions within the specified range. Proper measures and updates are crucial to safeguard against such vulnerabilities.

Affected Version(s)

Security Verify Access Appliance 10.0.0.0 <= 10.0.6.1

Security Verify Access Docker 10.0.0.0 <= 10.0.6.1

References

https://www.ibm.com/support/pages/node/7106586
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/254765
vdb-entry

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.