CVE-2023-31003 — Link Following in IBM Security Verify Access

CWE-59 — Link Following3 documents3 sources

Severity

7.8HIGHNVD

CNA8.4

EPSS

0.0%

top 91.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Verify Access IBM Security Verify Access Docker IBM Security Verify Access Appliance

Timeline

PublishedJan 11

Description

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDibm/security_verify_access_docker10.0.0.0 — 10.0.0.7

▶CVEListV5ibm/security_verify_access_docker10.0.0.0 — 10.0.6.1

▶CVEListV5ibm/security_verify_access_appliance10.0.0.0 — 10.0.6.1

▶NVDibm/security_verify_access10.0.0.0 — 10.0.0.7

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM Security Access Manager Container privilege escalation↗2024-01-11

▶

GHSA

GHSA-mj69-3r69-43wq: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10↗2024-01-11

▶