IBM Security Access Manager Container Vulnerability
CVE-2023-38369

7.5 HIGH

Key Information:

Vendor: IBM
CVE Published: 7 February 2024

Summary

IBM Security Access Manager Container versions 10.0.0.0 through 10.0.6.1 have a vulnerability in the enforcement of password policies for Docker images. By default, these products do not mandate strong passwords, which can facilitate unauthorized access and the compromise of user accounts. Organizations using these versions should assess their security configurations and ensure that robust password policies are enforced to mitigate the risks associated with weak authentication mechanisms.

Affected Version(s)

Security Verify Access Appliance 10.0.0.0 <= 10.0.6.1

Security Verify Access Docker 10.0.0.0 <= 10.0.6.1

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
