CVE-2023-31002

CWE-312Cleartext Storage of Sensitive InfoCWE-2563 documents3 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 97.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Security Verify Access ApplianceIBM Security Verify Access DockerIBM Security Access Manager Container
Timeline
PublishedFeb 7

Description

IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 1.4 | Impact: 3.6

Affected Packages3 packages

NVDibm/security_access_manager_container10.0.0.010.0.6.1
CVEListV5ibm/security_verify_access_docker10.0.0.010.0.6.1
CVEListV5ibm/security_verify_access_appliance10.0.0.010.0.6.1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
CVEList
IBM Security Access Manager Container information disclosure2024-02-07
GHSA
GHSA-39f6-9c52-27p8: IBM Security Access Manager Container 102024-02-07
CVE-2023-31002 (MEDIUM CVSS 5.5) | IBM Security Access Manager Contain | cvebase.io