Multiple vulnerabilities in IBM Security Verify Access Docker



Published: 2024-08-05
Risk: Low
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2024-35140, CVE-2024-35142, CVE-2024-35141
CWE-ID: CWE-295, CWE-250
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Security Verify Access Docker (Other software / Other software solutions)

Vendor

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Improper Certificate Validation

EUVDB-ID: #VU95321

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35140

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper certificate validation. A local user can bypass implemented security restrictions and escalate privileges on the system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Security Verify Access Docker : before 10.0.8

External links

http://www.ibm.com/support/pages/node/7155356


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Execution with unnecessary privileges

EUVDB-ID: #VU95320

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35142

CWE-ID: CWE-250 - Execution with Unnecessary Privileges

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because an application binary has the setuid bit set. A local low-privileged user can run the affected binary and execute arbitrary code on the system with root privileges.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Security Verify Access Docker : before 10.0.8

External links

http://www.ibm.com/support/pages/node/7155356


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Execution with unnecessary privileges

EUVDB-ID: #VU95322

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35141

CWE-ID: CWE-250 - Execution with Unnecessary Privileges

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because an application binary has the setuid bit set. A local low-privileged user can run the affected binary and execute arbitrary code on the system with root privileges.
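The following check is an added example, not taken from this advisory or the vendor bulletin: it lists setuid/setgid files in an unpacked container filesystem (the condition described in items 2 and 3) and reports any that are not on an allowlist. The root directory, the allowlist file and both function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): audit an unpacked container filesystem
# for setuid/setgid files, the CWE-250 condition described above.
# ROOT is assumed to be a directory holding the image contents, for example
# the result of `docker export <container> | tar -x -C ROOT`.

# find_privileged ROOT [OWNER]
# Prints one path per line for every regular file under ROOT that carries
# the setuid (4000) or setgid (2000) bit. With OWNER (name or numeric uid),
# only files owned by that user are listed; pass 0 for setuid-root binaries.
find_privileged() {
    root=$1
    owner=${2:-}
    if [ -n "$owner" ]; then
        find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
            -user "$owner" -print 2>/dev/null | sort
    else
        find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
            -print 2>/dev/null | sort
    fi
}

# audit_privileged ROOT ALLOWLIST [OWNER]
# ALLOWLIST is a text file with one path per line, relative to ROOT and
# starting with "/", naming files that are expected to be setuid/setgid.
# Prints every unexpected path and returns 1 if there is at least one.
audit_privileged() {
    root=${1%/}
    allow=$2
    owner=${3:-}
    unexpected=$(find_privileged "$root" "$owner" | while IFS= read -r path; do
        rel=${path#"$root"}
        # Exact, fixed-string, whole-line match against the allowlist.
        grep -Fxq -- "$rel" "$allow" || printf '%s\n' "$rel"
    done)
    [ -z "$unexpected" ] && return 0
    printf '%s\n' "$unexpected"
    return 1
}
```

Running `audit_privileged ROOT allow.txt 0` against the image before and after upgrading shows whether any setuid-root binary remains that the deployment does not expect.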

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Security Verify Access Docker : before 10.0.8

External links

http://www.ibm.com/support/pages/node/7155356


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
