CVE-2023-31001: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. The vulnerability was disclosed on January 11, 2024, and is tracked as CVE-2023-31001 (IBM Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction. The vulnerability impacts confidentiality but does not affect integrity or availability (NVD).

The vulnerability allows a local user to access sensitive information stored temporarily in files. The impact is limited to confidentiality, with no direct impact on system integrity or availability (IBM Advisory).

IBM has released patches to address this vulnerability. Users are encouraged to update to the latest version. For Docker Container users, the fix can be obtained by running the command 'docker pull icr.io/isva/verify-access:[tag]' with the latest published version. For ISAM/ISVA appliances, users should update to version 10.0.7-ISS-ISVA-FP0000 (IBM Advisory).