← Back

CVE-2023-31004

nvd nist
Published: Feb 3, 2024Modified: Nov 3, 2025

JSON object

Loading...
9.0
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 6.0
Source: NVD

Description

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765.

Affected (2)

Ibm
2 products
Security Verify Access
Security Verify Access Docker
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Security Verify Access
From 10.0.0.0 to 10.0.6.1
Security Verify Access Docker
From 10.0.0.0 to 10.0.6.1

Related CWEs

CWE-300
Channel Accessible by Non-Endpoint
The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

References (5)

Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: psirt@us.ibm.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.