PT-2024-12718 · IBM · IBM Security Access Manager Docker
Pierre Barre · Published 2024-06-27 · Updated 2024-07-31 · CVE-2023-38370
CVSS v3.1: 7.5 (High)
Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IBM Security Access Manager Docker versions 10.0.0.0 through 10.0.7.1
Description
The issue allows a user on the network to install malicious packages under certain configurations.
Recommendations
For IBM Security Access Manager Docker versions 10.0.0.0 through 10.0.7.1, consider restricting network access to prevent malicious package installations until a fix is available.
Weakness Enumeration
Incorrect Default Permissions
Affected Products
IBM Security Access Manager Docker