CVE-2023-38267

CWE-3113 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 96.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Verify Access IBM Security Verify Access Docker IBM Security Verify Access Appliance

Timeline

PublishedJan 11

Description

IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5ibm/security_verify_access_appliance10.0.0.0 — 10.0.6.1

▶NVDibm/security_verify_access_docker10.0.0.0 — 10.0.0.7

▶CVEListV5ibm/security_verify_access_docker10.0.0.0 — 10.0.6.1

▶NVDibm/security_verify_access10.0.0.0 — 10.0.0.7

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-f7xq-h59m-63ch: IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10↗2024-01-11

▶

CVEList

IBM Security Access Manager Appliance information disclosure↗2024-01-11

▶