CVE-2023-31005: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

IBM Security Access Manager Container (IBM Security Verify Access Appliance and Docker versions 10.0.0.0 through 10.0.6.1) contains a security vulnerability that could allow a local user to escalate their privileges due to an improper security configuration. The vulnerability was assigned CVE-2023-31005 and was disclosed in February 2024 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) by NIST with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while IBM Corporation rated it at 6.2 (MEDIUM) with vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The vulnerability stems from an improper security configuration that could be exploited by a local attacker (IBM Advisory).

If exploited, this vulnerability allows a local attacker to escalate their privileges on the affected system. The vulnerability has high impacts on confidentiality, integrity, and availability according to the NIST assessment (NVD).

IBM has released version 10.0.7-ISS-ISVA-FP0000 to address this vulnerability. For Docker Container deployments, users should update their systems by running the command 'docker pull icr.io/isva/verify-access:[tag]' with the latest published version tag. For ISAM/ISVA appliances, users should obtain and install the latest version fix (IBM Advisory).