CVE-2023-38369

CWE-5213 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 83.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Verify Access Appliance IBM Security Verify Access Docker IBM Security Access Manager Container

Timeline

PublishedFeb 7

Description

IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages3 packages

▶NVDibm/security_access_manager_container10.0.0.0 — 10.0.6.1

▶CVEListV5ibm/security_verify_access_docker10.0.0.0 — 10.0.6.1

▶CVEListV5ibm/security_verify_access_appliance10.0.0.0 — 10.0.6.1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-fmj7-fpwq-79r4: IBM Security Access Manager Container 10↗2024-02-07

▶

CVEList

IBM Security Access Manager Container information disclosure↗2024-02-07

▶