IBM Security Access Manager Vulnerability Allows Malicious Package Installation

CVE-2023-38370

7.5HIGH

Key Information

Vendor: IBM
Status: Security Access Manager Docker
Vendor: Published:; 27 June 2024

Summary

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197.

Affected Version(s)

Security Access Manager Docker <= 10.0.7.1

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

HIGH

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Timeline

Vulnerability published.
Jun 27, 2024
Vulnerability Reserved.
Jul 16, 2023

Collectors

NVD DatabaseMitre Database