Container Vulnerability Could Allow Download of Incorrect Files
CVE-2023-32329

6.2MEDIUM

Key Information:

Vendor: IBM
Status: Security Verify Access Appliance; Security Verify Access Docker
Vendor: CVE Published:; 3 February 2024

Summary

A vulnerability in IBM Security Access Manager Container allows users to download files from an unauthorized repository due to improper file validation. This issue affects specific versions of the IBM Security Verify Access Appliance and Docker, posing a significant risk of unauthorized data access. Remediation and proper validation techniques are essential to mitigate potential exploitation. Organizations using the affected products should apply the recommended updates to ensure their security.

Affected Version(s)

Security Verify Access Appliance 10.0.0.0 <= 10.0.6.1

Security Verify Access Docker 10.0.0.0 <= 10.0.6.1

References

https://www.ibm.com/support/pages/node/7106586

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/254972

vdb-entry

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 3, 2024
Vulnerability Reserved
May 8, 2023