Potential Remote Access Vulnerability in IBM Security Verify Access
CVE-2023-43017

7.2HIGH

Key Information:

Vendor: IBM
Status: Security Verify Access Appliance; Security Verify Access Docker
Vendor: CVE Published:; 7 February 2024

Summary

IBM Security Verify Access versions 10.0.0.0 through 10.0.6.1 are susceptible to a vulnerability that permits a privileged user to install a configuration file. This capability can lead to unauthorized remote access, posing significant security risks. Organizations utilizing IBM Security Verify Access should assess their environments, ensure proper permissions are enforced, and apply necessary mitigations to protect against potential exploitation.

Affected Version(s)

Security Verify Access Appliance 10.0.0.0 <= 10.0.6.1

Security Verify Access Docker 10.0.0.0 <= 10.0.6.1

References

https://www.ibm.com/support/pages/node/7106586

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/266155

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 7, 2024
Vulnerability Reserved
Sep 15, 2023