VYPR
Unrated severity · NVD Advisory · Published Feb 7, 2024 · Updated Nov 3, 2025

IBM Security Access Manager Container information disclosure

CVE-2023-38369

Description

IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 ships docker images with weak default passwords, facilitating account compromise.

Vulnerability

IBM Security Access Manager Container versions 10.0.0.0 through 10.0.6.1 do not enforce strong passwords for docker images by default [1]. This allows the use of weak or default credentials for user accounts within the containerized deployment.

Exploitation

An attacker with network access to the container can attempt to authenticate using common weak passwords or default credentials that were not changed during deployment. No special privileges or user interaction is required beyond the ability to reach the authentication interface.

Impact

Successful exploitation leads to compromise of user accounts, potentially granting the attacker unauthorized access to the IBM Security Access Manager Container environment. This could result in information disclosure or further lateral movement within the network.

Mitigation

IBM has addressed this vulnerability in security updates for IBM Security Verify Access [1]. Users should upgrade to a fixed version as specified in the vendor advisory. As a workaround, administrators should enforce strong password policies and change any default credentials immediately.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

References

2
