CVE-2023-31004: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. The vulnerability was disclosed on February 2, 2024, and is tracked as CVE-2023-31004 with IBM X-Force ID: 254765 (NVD, IBM Security Bulletin).

The vulnerability has been assigned a CVSS v3.1 Base Score of 9.0 CRITICAL (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) by NIST NVD, while IBM Corporation rated it with a Base Score of 8.3 HIGH (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). The vulnerability is related to man-in-the-middle attack techniques that could compromise the system security (NVD).

The vulnerability has severe potential impacts with high ratings for confidentiality, integrity, and availability. A successful exploitation could allow an attacker to gain access to the underlying system, potentially compromising sensitive data and system operations (IBM Security Bulletin).

IBM has released patches to address this vulnerability and encourages customers to update their systems promptly. For Docker Container users, the latest version can be obtained by running the command 'docker pull icr.io/isva/verify-access:[tag]'. For ISAM/ISVA appliances, users should obtain and install fix version 10.0.7-ISS-ISVA-FP0000 (IBM Security Bulletin).