CVE-2021-29742: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

IBM Security Verify Access Docker 10.0.0 contained a vulnerability (CVE-2021-29742) that could allow a user to impersonate another user on the system. The vulnerability was discovered and disclosed in July 2021, affecting the IBM Security Verify Access Docker container version 10.0.0 (IBM Security Bulletin).

The vulnerability has a CVSS base score of 7.9 with vector CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H. This indicates that the vulnerability requires adjacent network access, has high attack complexity, needs no privileges, requires user interaction, and if exploited could lead to high impacts on confidentiality, integrity, and availability with changed scope (IBM Security Bulletin).

If successfully exploited, this vulnerability allows an attacker to impersonate other users on the system, potentially leading to unauthorized access to sensitive information and system resources. The high CVSS scores for confidentiality, integrity, and availability (all rated as High) indicate severe potential consequences if exploited (IBM Security Bulletin).

IBM has released a patch for this vulnerability in version 10.0.2.0 of the IBM Security Verify Access Docker container. Users are advised to update their installations by pulling the latest container from the Docker Hub using the command: docker pull ibmcom/verify-access:10.0.2.0 (IBM Security Bulletin).