SB2024080506 - Multiple vulnerabilities in IBM Security Verify Access Docker

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024080506

SB2024080506 - Multiple vulnerabilities in IBM Security Verify Access Docker

Published: August 5, 2024

Security Bulletin ID SB2024080506
Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 14% Low 86%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2023-38371)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to IBM Security Access Manager Docker uses weaker than expected cryptographic algorithms. A remote attacker can gain unauthorized access to sensitive information on the system.


2) Weak password requirements (CVE-ID: CVE-2024-35137)

The vulnerability allows an attacker to perform brute-force attack and guess the password.

The vulnerability exists due to weak password requirements. An attacker can perform a brute-force attack and guess users' passwords.


3) Incorrect default permissions (CVE-ID: CVE-2024-35139)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can view sensitive contents of files and directories.


4) Improper access control (CVE-ID: CVE-2023-30998)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain unauthorized access to the application.


5) Improper access control (CVE-ID: CVE-2023-30997)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain unauthorized access to the application.


6) Incorrect authorization (CVE-ID: CVE-2023-38368)

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to improper permission controls. A local user can trigger the vulnerability and disclose sensitive information.


7) Incorrect default permissions (CVE-ID: CVE-2023-38370)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A remote user with access to the system can view contents of files and directories or install malicious packages.


Remediation

Install update from vendor's website.

References