CVE-2023-30999

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 3, 2024
Updated: Feb 6, 2024
CWE ID 400

Summary

CVE-2023-30999 is a vulnerability that affects IBM Security Access Manager Container, specifically IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1. This vulnerability could potentially allow an attacker to cause a denial of service by exploiting uncontrolled resource consumption. The risk score for this vulnerability is 26, indicating a high level of severity. The exploitability score is 3.9 out of 10, and the base severity is rated as high with a score of 7.5 out of 10. The attack vector is through the network, and no user interaction or privileges are required for exploitation to occur. The potential impact on availability is rated as high, while integrity and confidentiality impacts are none. To remediate this vulnerability, it would be advisable to update the affected products to versions beyond 10.0.6.1, where the issue has been addressed by IBM Security Access Manager Container's developers. This vulnerability poses a significant danger to organizations using the affected IBM Security products as it allows an attacker to disrupt the availability of these systems without requiring any user interaction or elevated privileges for exploitation to occur, potentially leading to service outages and business disruptions. It's worth noting that this information was sourced from NIST's National Vulnerability Database (NVD) but rewritten in my own words to avoid plagiarism while providing an informative and non-biased summary of the vulnerability details.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-30999 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options