Details of VAR-202401-2391

ID

VAR-202401-2391

CVE

CVE-2023-31001

DESCRIPTION

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653.

Trust: 1.0

sources: NVD: CVE-2023-31001

AFFECTED PRODUCTS

vendor:	ibm	model:	security verify access docker	scope:	gte	version:	10.0.0.0	Trust: 1.0
vendor:	ibm	model:	security verify access	scope:	lt	version:	10.0.0.7	Trust: 1.0
vendor:	ibm	model:	security verify access docker	scope:	lt	version:	10.0.0.7	Trust: 1.0
vendor:	ibm	model:	security verify access	scope:	gte	version:	10.0.0.0	Trust: 1.0

sources: NVD: CVE-2023-31001

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2023-31001
value:	MEDIUM
Trust: 1.0
psirt@us.ibm.com:	CVE-2023-31001
value:	MEDIUM
Trust: 1.0

NVD:
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
psirt@us.ibm.com:
baseSeverity:	MEDIUM
baseScore:	5.1
vectorString:	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.4
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: NVD: CVE-2023-31001 // NVD: CVE-2023-31001

PROBLEMTYPE DATA

problemtype:

CWE-257

Trust: 1.0

sources: NVD: CVE-2023-31001

CONFIGURATIONS

sources: NVD: CVE-2023-31001

EXTERNAL IDS

db:

NVD

id:

CVE-2023-31001

Trust: 1.0

sources: NVD: CVE-2023-31001

REFERENCES

url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/254653	Trust: 1.0
url:	https://www.ibm.com/support/pages/node/7106586	Trust: 1.0

sources: NVD: CVE-2023-31001

SOURCES

db:

NVD

id:

CVE-2023-31001

LAST UPDATE DATE

2024-03-07T22:52:24.051000+00:00

SOURCES UPDATE DATE

db:

NVD

id:

CVE-2023-31001

date:

2024-01-18T17:06:28.277

SOURCES RELEASE DATE

db:

NVD

id:

CVE-2023-31001

date:

2024-01-11T03:15:09.413