Insecure Calls in IBM Security Verify Access Could Lead to Server Takeover
CVE-2023-32330

9.8CRITICAL

Key Information:

Vendor: IBM
Status: Security Verify Access Appliance; Security Verify Access Docker
Vendor: CVE Published:; 7 February 2024

Summary

IBM Security Verify Access versions 10.0.0.0 to 10.0.6.1 has a vulnerability due to the use of insecure calls that can be exploited by an attacker on the network. This flaw may allow unauthorized users to execute arbitrary code remotely, leading to potential server control compromise. Organizations utilizing this software should take immediate steps to apply security patches or updates as recommended by IBM to mitigate the risks associated with this vulnerability.

Affected Version(s)

Security Verify Access Appliance 10.0.0.0 <= 10.0.6.1

Security Verify Access Docker 10.0.0.0 <= 10.0.6.1

References

https://www.ibm.com/support/pages/node/7106586

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/254977

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 7, 2024
Vulnerability Reserved
May 8, 2023