VYPR
Unrated severity · NVD Advisory · Published Feb 3, 2024 · Updated Nov 3, 2025

IBM Security Access Manager Container improper file validation

CVE-2023-32329

Description

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Security Access Manager Container (Verify Access) versions 10.0.0.0–10.0.6.1 allow a user to download files from an incorrect repository due to improper file validation.

Vulnerability

CVE-2023-32329 is an improper file validation vulnerability in IBM Security Access Manager Container, which affects IBM Security Verify Access Appliance and IBM Security Verify Access Docker versions 10.0.0.0 through 10.0.6.1 [1]. The flaw allows a user to download files from an incorrect repository, indicating insufficient validation of file paths or repository identifiers during file retrieval operations.

Exploitation

An attacker with user-level access to the affected system can exploit this vulnerability by manipulating file download requests to target an unintended repository [1]. The exact attack vector is not detailed in the available references, but it likely involves crafting requests that bypass repository validation checks.

Impact

Successful exploitation enables the attacker to download files from an incorrect repository [1]. This could lead to disclosure of sensitive information if the repository contains configuration or credential files, or potentially to execution of malicious code if the downloaded files are subsequently used in a privileged context. The impact is limited to file download; no privilege escalation is directly described.

Mitigation

IBM has addressed this vulnerability in IBM Security Verify Access updates [1]. Users should upgrade to a fixed version beyond 10.0.6.1. No workaround is provided in the available references. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4


References

2
