IBM Security Access Manager Container Privilege Escalation Vulnerability
CVE-2023-31005

6.2MEDIUM

Key Information:

Vendor: IBM
Status: Security Verify Access Appliance; Security Verify Access Docker
Vendor: CVE Published:; 3 February 2024

What is CVE-2023-31005?

A security configuration issue in IBM Security Access Manager Container enables local users to potentially escalate their privileges within the system. This issue affects versions 10.0.0.0 through 10.0.6.1 of both the IBM Security Verify Access Appliance and the Docker version. Due to improper security settings, local users may exploit this vulnerability to gain elevated rights, compromising the system's integrity and security. Prompt attention and remediation are advisable to mitigate potential exploitation risks.

Affected Version(s)

Security Verify Access Appliance 10.0.0.0 <= 10.0.6.1

Security Verify Access Docker 10.0.0.0 <= 10.0.6.1

References

https://www.ibm.com/support/pages/node/7106586

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/254767

vdb-entry

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2024
Vulnerability Reserved
Apr 21, 2023