Unrated severity · NVD Advisory · Published Jan 11, 2024 · Updated Nov 3, 2025

IBM Security Access Manager Container information disclosure

CVE-2023-31001

Description

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Security Verify Access temporarily stores sensitive information in files accessible to local users, leading to potential information disclosure.

Vulnerability

IBM Security Verify Access Appliance versions 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker version 10.0.6.1 temporarily store sensitive information in files that can be accessed by a local user. This occurs during normal operation of the containerized access manager, where temporary files containing credentials or other secrets are created and not adequately protected.

Exploitation

An attacker must have local access to the system (e.g., a user account or physical access). No authentication is required beyond local presence, but the attack complexity is high (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), suggesting that the temporary files are only available during a narrow time window or under specific conditions. The attacker would need to read the files while they exist on disk before they are cleaned up.

Impact

Successful exploitation results in the disclosure of sensitive information (confidentiality impact: high). There is no impact on integrity or availability. The exposed data could include credentials or configuration secrets, potentially enabling further attacks against the system or network.

Mitigation

IBM has addressed this vulnerability in security updates for IBM Security Verify Access. Affected users should apply the latest patches as detailed in the IBM security bulletin [1]. No workaround is documented; limiting local user access to the system is a general precaution. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
