CVE-2023-31001

CWE-2573 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 87.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Verify Access IBM Security Verify Access Docker IBM Security Verify Access Appliance

Timeline

PublishedJan 11

Description

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 1.4 | Impact: 3.6

Affected Packages4 packages

▶NVDibm/security_verify_access_docker10.0.0.0 — 10.0.0.7

▶CVEListV5ibm/security_verify_access_docker10.0.0.0 — 10.0.6.1

▶CVEListV5ibm/security_verify_access_appliance10.0.0.0 — 10.0.6.1

▶NVDibm/security_verify_access10.0.0.0 — 10.0.0.7

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM Security Access Manager Container information disclosure↗2024-01-11

▶

GHSA

GHSA-h8w2-c9wm-f46f: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10↗2024-01-11

▶