CVE-2023-31004

EPSS 0.13%
Veröffentlicht 03.02.2024 01:15:08
Zuletzt bearbeitet 03.11.2025 22:16:14
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

IBM Security Access Manager Container gain access

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques.  IBM X-Force ID:  254765.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Security Verify Access Version >= 10.0.0.0 <= 10.0.6.1

Ibm ≫ Security Verify Access Docker Version >= 10.0.0.0 <= 10.0.6.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.338

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9	2.2	6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
psirt@us.ibm.com	8.3	1.6	6	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-300 Channel Accessible by Non-Endpoint

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

https://www.ibm.com/support/pages/node/7106586

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/254765

Vendor Advisory

VDB Entry

http://seclists.org/fulldisclosure/2024/Nov/0

https://nvd.nist.gov/vuln/detail/CVE-2023-31004

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-31004

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-31004

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-31004