IBM SAM Docker 10.0.0.0-10.0.7.1: Malicious Package Install Vulnerability
CVE-2023-38370 Published on June 27, 2024

IBM Security Access Manager Docker information disclosure
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Products Associated with CVE-2023-38370

stack.watch emails you whenever new vulnerabilities are published in IBM Security Access Manager or IBM Security Verify Access Docker. Just hit a watch button to start following.

IBM Security Access Manager

IBM Security Verify Access Docker

Affected Versions

IBM Security Access Manager Docker:

Version 10.0.0.0, <= 10.0.7.1 is affected.

Exploit Probability

EPSS

0.06%

Percentile

18.90%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

IBM SAM Docker 10.0.0.0-10.0.7.1: Malicious Package Install VulnerabilityCVE-2023-38370 Published on June 27, 2024

Vulnerability Analysis

Weakness Type

Incorrect Default Permissions

Products Associated with CVE-2023-38370

Affected Versions

Exploit Probability

IBM SAM Docker 10.0.0.0-10.0.7.1: Malicious Package Install Vulnerability
CVE-2023-38370 Published on June 27, 2024