Description
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- ibm / security_verify_access10.0.0.0 – 10.0.0.0
- ibm / security_verify_access10.0.9.0 – 10.0.9.0
- ibm / security_verify_access11.0.0.0 – 11.0.0.0
- ibm / security_verify_access11.0.1.0 – 11.0.1.0
- ibm / security_verify_access_docker10.0.0.0 – 10.0.0.0
- ibm / security_verify_access_docker10.0.9.0 – 10.0.9.0
- ibm / security_verify_access_docker11.0.0.0 – 11.0.0.0
- ibm / security_verify_access_docker11.0.1.0 – 11.0.1.0