PT-2024-1198 · Ibm · Ibm Security Verify Access Appliance+1
Published
2024-01-11
·
Updated
2024-01-18
·
CVE-2023-31001
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Security Verify Access Docker versions 10.0.0.0 through 10.0.6.1
IBM Security Verify Access Appliance versions 10.0.0.0 through 10.0.6.1
Description
The issue is related to the storage of sensitive information in a recoverable format, potentially allowing an attacker to disclose protected information. Specifically, the system temporarily stores sensitive information in files that could be accessed by a local user.
Recommendations
For IBM Security Verify Access Docker versions 10.0.0.0 through 10.0.6.1, consider restricting access to sensitive files until a patch is available.
For IBM Security Verify Access Appliance versions 10.0.0.0 through 10.0.6.1, consider restricting access to sensitive files until a patch is available.
As a temporary workaround, consider disabling local user access to sensitive information storage until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Security Verify Access Appliance
Ibm Security Verify Access Docker