CVE-2023-38370

Description

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197.

CVSS breakdown

CVSS 3.1

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

ibm / security_verify_access_docker10.0.0.0 – 10.0.0.0
ibm / security_verify_access_docker10.0.7.1 – 10.0.7.1

References

MISChttps://www.ibm.com/support/pages/node/7158790
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/261197