IBM Security Access Manager Vulnerability Could Leak Sensitive Information
CVE-2023-38368

5.5MEDIUM

Key Information:

Vendor: IBM
Status: Security Access Manager Docker
Vendor: CVE Published:; 27 June 2024

Summary

IBM Security Access Manager, particularly versions 10.0.0.0 through 10.0.7.1, is susceptible to vulnerabilities that expose sensitive information to local users. This flaw arises from inadequate permission controls, potentially allowing unauthorized access to critical data within the system. Organizations utilizing these versions should review their security measures and apply necessary updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Security Access Manager Docker 10.0.0.0 <= 10.0.7.1

References

https://www.ibm.com/support/pages/node/7158790

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/261195

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 27, 2024
Vulnerability Reserved
Jul 16, 2023