ID

VAR-202401-2391


CVE

CVE-2023-31001


DESCRIPTION

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653.

Trust: 1.0

sources: NVD: CVE-2023-31001

AFFECTED PRODUCTS

vendor:ibmmodel:security verify access dockerscope:gteversion:10.0.0.0

Trust: 1.0

vendor:ibmmodel:security verify accessscope:ltversion:10.0.0.7

Trust: 1.0

vendor:ibmmodel:security verify access dockerscope:ltversion:10.0.0.7

Trust: 1.0

vendor:ibmmodel:security verify accessscope:gteversion:10.0.0.0

Trust: 1.0

sources: NVD: CVE-2023-31001

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-31001
value: MEDIUM

Trust: 1.0

psirt@us.ibm.com: CVE-2023-31001
value: MEDIUM

Trust: 1.0

NVD:
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@us.ibm.com:
baseSeverity: MEDIUM
baseScore: 5.1
vectorString: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.4
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-31001 // NVD: CVE-2023-31001

PROBLEMTYPE DATA

problemtype:CWE-257

Trust: 1.0

sources: NVD: CVE-2023-31001

CONFIGURATIONS

sources: NVD: CVE-2023-31001

EXTERNAL IDS

db:NVDid:CVE-2023-31001

Trust: 1.0

sources: NVD: CVE-2023-31001

REFERENCES

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/254653

Trust: 1.0

url:https://www.ibm.com/support/pages/node/7106586

Trust: 1.0

sources: NVD: CVE-2023-31001

SOURCES

db:NVDid:CVE-2023-31001

LAST UPDATE DATE

2024-03-07T22:52:24.051000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2023-31001date:2024-01-18T17:06:28.277

SOURCES RELEASE DATE

db:NVDid:CVE-2023-31001date:2024-01-11T03:15:09.413