CVE-2023-32328: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

IBM Security Verify Access versions 10.0.0.0 through 10.0.6.1 contains a security vulnerability that uses insecure protocols in some instances, potentially allowing an attacker on the network to take control of the server. This vulnerability was assigned CVE-2023-32328 and IBM X-Force ID: 254957 (IBM Advisory).

The vulnerability has been assessed with a CVSS v3.1 Base Score of 7.5 HIGH (Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) by IBM Corporation, while NIST assessed it with a CVSS v3.1 Base Score of 9.8 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The vulnerability is classified as CWE-319 (Cleartext Transmission of Sensitive Information) (NVD Database).

If exploited, this vulnerability could allow an attacker on the network to gain complete control of the affected server, potentially compromising the confidentiality, integrity, and availability of the system (IBM Advisory).

IBM has released version 10.0.7-ISS-ISVA-FP0000 to address this vulnerability. Users are strongly encouraged to update their systems promptly. For Docker Container deployments, users should obtain the latest version by running the command 'docker pull icr.io/isva/verify-access:[tag]' with the latest published version tag (IBM Advisory).