IBM Security Access Manager Container privilege escalation
Description
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A local user can exploit improper access controls in IBM Security Verify Access to escalate privileges to root.
Vulnerability
IBM Security Verify Access Appliance versions 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1 contain improper access controls in the container component, allowing a local user to obtain root access [1]. As the CVSS vector (AV:L/AC:L/PR:N/UI:N) indicates, exploitation requires local access but no authentication and no user interaction [1].
Exploitation
An attacker with local access to the system can exploit the improper access controls without any prior privileges or user interaction [1]. The attack complexity is low, meaning no special conditions are required beyond local access. The attacker can then execute commands or manipulate system resources to escalate privileges to root [1].
Impact
Successful exploitation grants the attacker root privileges, leading to full compromise of confidentiality, integrity, and availability of the affected system [1]. The attacker can access sensitive data, modify system configurations, and potentially disrupt services.
Mitigation
IBM has released security updates to address this vulnerability. Users should upgrade to a fixed version as specified in the IBM Security Bulletin [1]. No workarounds are documented, and according to the available references the vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 10.0.0.0 - 10.0.6.1
- Range: = 10.0.6.1
- Range: 10.0.0.0 - 10.0.6.1
- (no CPE) range: 10.0.0.0
- (no CPE) range: 10.0.0.0
Patches
No patches discovered yet.
References
- www.ibm.com/support/pages/node/7106586 (mitre, vendor-advisory)
- exchange.xforce.ibmcloud.com/vulnerabilities/254658 (mitre, vdb-entry)