CVE-2024-31883: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

IBM Security Verify Access versions 10.0.0.0 through 10.0.7.1, under certain configurations, is affected by a vulnerability that could allow an unauthenticated attacker to cause a denial of service condition. This vulnerability (CVE-2024-31883) was disclosed on June 27, 2024, and is related to asymmetric resource consumption issues (IBM Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 5.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. The attack vector is network-accessible, requires high attack complexity, needs no privileges or user interaction, and can only affect the availability of the system. IBM's assessment differs slightly with a CVSS score of 5.3, using the vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The primary impact of this vulnerability is on system availability. If successfully exploited, an attacker could cause a denial of service condition through asymmetric resource consumption, potentially making the system unavailable to legitimate users (IBM Advisory).

IBM has released version 10.0.8 to address this vulnerability. For Docker Container deployments, users should update their systems by running the command 'docker pull icr.io/isva/verify-access:[tag]' with the latest published version. For ISAM/ISVA appliances, the fix is available through patch 10.0.8-ISS-ISVA-FP0000 (IBM Advisory).