CVE-2023-31006: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to denial of service attacks on the DSC server. The vulnerability was disclosed in February 2024 and is tracked as CVE-2023-31006 with IBM X-Force ID: 254776 (IBM Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) by NIST with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, while IBM Corporation assigned it a score of 6.5 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption) according to IBM Corporation (NVD).

The vulnerability affects the availability of the DSC server through denial of service attacks. There are no reported impacts on confidentiality or integrity of the system (IBM Advisory).

IBM has released updates to address this vulnerability. Users are encouraged to update their systems promptly. For Docker Container installations, users should obtain the latest version by running the command 'docker pull icr.io/isva/verify-access:[tag]'. For ISAM/ISVA appliances, users should obtain and install fix version 10.0.7-ISS-ISVA-FP0000 (IBM Advisory).