CVE-2023-38369
MEDIUMIBM Security Access Manager Container <10.0.6.1 - Info Disclosure
Title source: llmDescription
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196.
References (3)
Core 3
Core References
Mailing List
http://seclists.org/fulldisclosure/2024/Nov/0
Patch, Vendor Advisory vendor-advisory
https://www.ibm.com/support/pages/node/7106586
VDB Entry, Vendor Advisory vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/261196
Scores
CVSS v3
6.2
EPSS
0.0053
EPSS Percentile
40.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-521
Status
published
Products (1)
ibm/security_access_manager_container
10.0.0.0 - 10.0.6.1
Published
Feb 07, 2024
Tracked Since
Feb 18, 2026