PT-2024-1197 · IBM · IBM Security Verify Access Appliance +2

Published: 2024-01-10 · Updated: 2024-01-18 · CVE-2023-31003

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM Security Access Manager Container versions 10.0.0.0 through 10.0.6.1
IBM Security Verify Access Appliance versions 10.0.0.0 through 10.0.6.1
IBM Security Verify Access Docker version 10.0.6.1

Description

The issue is related to improper access controls, which could allow a local user to obtain root access. This is due to incorrect link resolution before accessing a file, potentially enabling an attacker to elevate their privileges to the root level.

Recommendations

For IBM Security Access Manager Container versions 10.0.0.0 through 10.0.6.1, update to a version that includes the fix for this issue.
For IBM Security Verify Access Appliance versions 10.0.0.0 through 10.0.6.1, update to a version that includes the fix for this issue.
For IBM Security Verify Access Docker version 10.0.6.1, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

Fix

Weakness Enumeration

Link Following

Related Identifiers

BDU:2024-00556
CVE-2023-31003

Affected Products

IBM Security Access Manager Container
IBM Security Verify Access Appliance
IBM Security Verify Access Docker