Severity
High
Analysis Summary
CVE-2023-38370 CVSS:7.5
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages.
CVE-2023-30998 CVSS:8.4
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls.
CVE-2024-31916 CVSS:7.5
IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels.
Impact
- Data Manipulation
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2023-38370
- CVE-2023-30998
- CVE-2024-31916
Affected Vendors
IBM
Affected Products
- IBM Security Verify Access Docker 10.0.0.0
- IBM Security Verify Access Docker 10.0.7.1
- IBM OPENBMC FW1050.00
- IBM OPENBMC FW1050.10
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.