CVE-2023-30999: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

CVE-2023-30999 affects IBM Security Access Manager Container (IBM Security Verify Access Appliance and Docker versions 10.0.0.0 through 10.0.6.1). The vulnerability was disclosed on February 2, 2024, and allows attackers to cause a denial of service through uncontrolled resource consumption (IBM Advisory).

The vulnerability has a CVSS v3.1 Base Score of 7.5 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. This indicates the vulnerability is network-accessible, requires low attack complexity, needs no privileges or user interaction, has unchanged scope, and can cause high availability impact with no impact to confidentiality or integrity. The vulnerability is classified as CWE-400 (Uncontrolled Resource Consumption) (NVD).

The primary impact of this vulnerability is on system availability. An attacker can cause a denial of service condition through uncontrolled resource consumption, potentially making the system unavailable to legitimate users. There are no reported impacts on system confidentiality or integrity (IBM Advisory).

IBM has released security updates to address this vulnerability. Users are strongly encouraged to update their systems to the latest version. For Docker Container users, the fix can be obtained by running the command 'docker pull icr.io/isva/verify-access:[tag]' with the latest published version. For ISAM/ISVA appliances, users should upgrade to version 10.0.7-ISS-ISVA-FP0000 (IBM Advisory).