CVE-2023-31003: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

IBM Security Access Manager Container (IBM Security Verify Access Appliance and Docker versions 10.0.0.0 through 10.0.6.1) was found to contain a critical security vulnerability identified as CVE-2023-31003. The vulnerability was discovered and disclosed in January 2024, allowing local users to obtain root access due to improper access controls (IBM Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) by NIST with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while IBM Corporation assessed it with a CVSS score of 8.4 (High) and vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-59 (Improper Link Resolution Before File Access) (NVD).

If exploited, this vulnerability allows local users to escalate their privileges and obtain root access to the system, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability (IBM Advisory).

IBM has released security updates to address this vulnerability. Users are strongly encouraged to update their systems to the latest version. For Docker Container users, the fix can be obtained by running the command 'docker pull icr.io/isva/verify-access:[tag]' with the latest published version. For ISAM/ISVA appliances, users should update to version 10.0.7-ISS-ISVA-FP0000 (IBM Advisory).