IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required.
Weakness
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Security_verify_access | Ibm | 10.0.0.0 (including) | 10.0.9.0 (excluding) |
| Security_verify_access | Ibm | 10.0.9.0 (including) | 10.0.9.0 (including) |
| Security_verify_access | Ibm | 10.0.9.0-interim_fix1 (including) | 10.0.9.0-interim_fix1 (including) |
| Security_verify_access | Ibm | 10.0.9.0-interim_fix2 (including) | 10.0.9.0-interim_fix2 (including) |
| Security_verify_access_docker | Ibm | 10.0.0.0 (including) | 10.0.9.0 (excluding) |
| Security_verify_access_docker | Ibm | 10.0.9.0 (including) | 10.0.9.0 (including) |
| Security_verify_access_docker | Ibm | 10.0.9.0-interim_fix1 (including) | 10.0.9.0-interim_fix1 (including) |
| Security_verify_access_docker | Ibm | 10.0.9.0-interim_fix2 (including) | 10.0.9.0-interim_fix2 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/104.html
- https://cwe.mitre.org/data/definitions/470.html
- https://cwe.mitre.org/data/definitions/69.html