CVE-2023-30997

7.8 HIGH

📋 TL;DR

This vulnerability in IBM Security Access Manager Docker allows a local user to escalate privileges to root due to improper access controls. It affects versions 10.0.0.0 through 10.0.7.1. "Local user" here means any principal that can run commands inside the container: an interactive account, a docker exec session, or an already-compromised ISAM process. Any deployment running these versions that exposes such access is at risk.

💻 Affected Systems

Products:
  • IBM Security Access Manager Docker
Versions: 10.0.0.0 through 10.0.7.1
Operating Systems: Linux (Docker container)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Docker container deployments, not appliance or virtual appliance versions.

📦 What is this software?

IBM Security Access Manager (ISAM, renamed IBM Security Verify Access from version 10) is IBM's web access management product: a reverse proxy (WebSEAL) that fronts applications with authentication, single sign-on, authorization and identity federation. The Docker deployment ships the same components as container images instead of the hardware or virtual appliance, and it is only that packaging that this advisory covers.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A local attacker gains full root access inside the container. That turns into a compromise of the Docker host and neighbouring containers only if the container is also weakly confined (run with --privileged, host PID or network namespaces, extra capabilities, or a bind-mounted Docker socket); root in a properly confined container is still a serious but bounded compromise of ISAM's own configuration, keys and session data.

🟠 Likely Case

A malicious insider or a compromised local account escalates to root within the container, enabling theft of credentials and configuration, persistence across the container's lifetime, or lateral movement into systems the container can reach.

🟢 If Mitigated

With no interactive local accounts in the container and the container confined by the host (non-root runtime UID, dropped capabilities, no-new-privileges, seccomp/AppArmor), there is no foothold to escalate from, and an escalation that does succeed stays inside the container's namespaces rather than reaching the host.

🌐 Internet-Facing: LOW - This requires local access to the container, not directly exploitable from the internet.
🏢 Internal Only: HIGH - Any internal user with container access can exploit this to gain root privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local access to the container. No public exploit code available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.7.2 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7158790

Restart Required: Yes

Instructions:

1. Download IBM Security Access Manager Docker version 10.0.7.2 or later from IBM Fix Central.
2. Stop the vulnerable container.
3. Deploy the updated container image. Recreate the container from the new image; restarting the existing container does not change the image it runs.
4. Verify the new version is running.

🔧 Temporary Workarounds

Restrict Local User Access

The "local user" in this advisory is any principal that can execute commands in the container, so remove accounts such a principal could use and lock the shells of those that must stay. Run these inside the container (for example via docker exec) and bake the same changes into the image so they survive redeployment:

# Remove unnecessary local users
userdel <username>
# Restrict shell access for remaining users
usermod -s /sbin/nologin <username>

This shrinks the attack surface but does not remove the flaw: a process already running as a low-privilege account, such as a compromised ISAM component, can still attempt the escalation.
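
To see which accounts the commands above need to target, audit the container's /etc/passwd for non-root accounts that still have a usable login shell. The script below is an added example for this page, not IBM's code; feed it the output of docker exec <container> cat /etc/passwd (the sample embedded in it is constructed) and it returns the accounts an attacker could use as a foothold together with the usermod commands that would lock them:

```python
"""List accounts in a container's /etc/passwd that still have a usable shell.

Added example for this page, not IBM's code. Run it against the output of
`docker exec <container> cat /etc/passwd`; the sample below is constructed.
"""

# Shells that refuse an interactive login. An empty shell field means /bin/sh
# on most systems, so it is deliberately NOT treated as safe here.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/usr/bin/false"}

# Constructed sample of what a container's /etc/passwd might look like.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
isam:x:1001:1001:ISAM service account:/var/isam:/bin/bash
operator:x:1002:1002:Ops shell:/home/operator:/bin/sh
backup:x:1003:1003::/var/backups:/bin/false
broken line without enough fields
"""


def parse_passwd(text):
    """Yield (name, uid, shell) for each well-formed passwd entry."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip blank, comment and malformed lines
        name, _, uid, _, _, _, shell = fields
        try:
            yield name, int(uid), shell.strip()
        except ValueError:
            continue  # non-numeric uid: not a valid entry


def interactive_accounts(text):
    """Return non-root accounts whose shell would let a local user log in.

    These are the accounts a local attacker could use as a foothold and the
    candidates for `usermod -s /sbin/nologin` or `userdel`.
    """
    return [
        (name, uid, shell)
        for name, uid, shell in parse_passwd(text)
        if uid != 0 and shell not in NOLOGIN_SHELLS
    ]


def remediation_commands(text):
    """Render the usermod commands that would lock down the accounts found."""
    return [f"usermod -s /sbin/nologin {name}" for name, _, _ in interactive_accounts(text)]


if __name__ == "__main__":
    for name, uid, shell in interactive_accounts(SAMPLE_PASSWD):
        print(f"{name} (uid {uid}) has shell {shell}")
    for cmd in remediation_commands(SAMPLE_PASSWD):
        print(cmd)
```

Review the list before applying the commands: a service account that the ISAM processes run under usually needs no interactive shell, but confirm against IBM's documentation that nothing in the image invokes a shell as that user before switching it to nologin.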

Implement Docker Security Best Practices

Run the container with a non-root user and minimal privileges. Check IBM's deployment documentation that the image supports a non-root runtime UID before relying on --user; the extra flags drop all Linux capabilities (re-add only the ones the image actually needs, for example NET_BIND_SERVICE if it must bind a port below 1024) and stop any setuid or setgid binary from granting new privileges. The image name is the one given on this page; substitute the image you actually deploy.

docker run --user 1001:1001 --cap-drop=ALL --security-opt no-new-privileges ibm/security-access-manager

None of this fixes the flaw, but it limits what a successful escalation can do and, if the escalation path relies on a setuid binary or a capability, may block it outright.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable containers from critical systems.
  • Monitor container logs for privilege escalation attempts and unauthorized root access.

🔍 How to Verify

Check if Vulnerable:

Check the IBM Security Access Manager Docker version. If it's between 10.0.0.0 and 10.0.7.1 inclusive, it's vulnerable. Compare the version component by component as numbers, not as a string: a string comparison sorts 10.0.10.0 before 10.0.7.1 and would misclassify it.

Check Version:

docker exec <container_name> cat /opt/ibm/isam/version.txt

Verify Fix Applied:

Confirm the container is running version 10.0.7.2 or later. Because no public proof of concept exists, there is no reliable exploit-based test; rely on the version check and on the container hardening described under Temporary Workarounds.
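
The following script automates the version check above. It is an added example for this page, not IBM's tooling; it assumes the version file named above contains a dotted four-part version somewhere in its text (the page does not document the file's exact format) and it compares versions as integer tuples so that 10.0.10.0 is correctly reported as outside the affected range:

```python
"""Decide whether an ISAM Docker version string falls in the affected range.

Added example for this page, not IBM's code. It assumes the version file at
/opt/ibm/isam/version.txt contains a dotted four-part version somewhere in its
text; the exact file format is not documented on the page.
"""
import re
import subprocess
import sys

# Affected range from the advisory summary on this page (inclusive bounds).
AFFECTED_MIN = (10, 0, 0, 0)
AFFECTED_MAX = (10, 0, 7, 1)
FIXED = (10, 0, 7, 2)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def extract_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(x) for x in m.groups()) if m else None


def is_affected(version):
    """True when a parsed version is inside the inclusive affected range.

    Comparing tuples of ints avoids the classic bug of comparing version
    strings, where "10.0.10.0" sorts before "10.0.7.1" and would be flagged.
    """
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def assess(text):
    """Map the raw version-file text to a verdict string."""
    v = extract_version(text)
    if v is None:
        return "unknown: no version found"
    label = ".".join(map(str, v))
    if is_affected(v):
        return f"VULNERABLE: {label} (fixed in {'.'.join(map(str, FIXED))})"
    return f"not affected: {label}"


def check_container(name):
    """Read the version file from a running container (requires docker)."""
    out = subprocess.run(
        ["docker", "exec", name, "cat", "/opt/ibm/isam/version.txt"],
        capture_output=True, text=True, check=True,
    ).stdout
    return assess(out)


if __name__ == "__main__":
    # Usage: python check_isam.py <container_name>
    print(check_container(sys.argv[1] if len(sys.argv) > 1 else "isam"))
```

Run it once per ISAM container; an "unknown" verdict means the file was found but no version could be parsed, which should be treated as unverified rather than as safe.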

📡 Detection & Monitoring

Log Indicators:

  • su or sudo entries in the container's auth/syslog output where a non-root account becomes root, including failed attempts
  • Processes running as uid 0 whose parent is the application's service account
  • Writes to /etc/passwd, /etc/shadow, /etc/sudoers or to setuid binaries inside the container

Network Indicators:

  • Unusual outbound connections from the container to internal systems

SIEM Query:

The field names below are placeholders to adapt to your schema. Docker itself does not emit a privilege-escalation event; the signal has to come from auth/syslog output or an audit agent inside the container, and the user="root" clause will match legitimate activity if the image runs its services as root, so pair it with the account-transition indicators above.

source="docker" AND (event="privilege_escalation" OR user="root") AND container_name="ibm-security-access-manager"
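
As a concrete version of the account-transition rule, the detector below is an added example for this page (not IBM's code or any SIEM product's rule). It assumes the container's su and sudo messages are shipped as plain syslog lines; the sample lines are constructed in the standard su/sudo formats. It reports only transitions where a non-root actor gains, or tries to gain, root, and ignores root using sudo or cron running as root:

```python
"""Flag privilege-escalation evidence in syslog-style auth lines from a container.

Added example for this page, not IBM's code or part of any SIEM product. It
assumes the container's su/sudo messages are shipped as plain syslog lines;
the sample lines are constructed.
"""
import re

# Constructed sample: what su/sudo logging inside the ISAM container might emit.
SAMPLE_LOG = """\
Jun 12 10:01:02 isam-web sshd[88]: Accepted publickey for isamuser from 10.0.0.5 port 51234 ssh2
Jun 12 10:01:09 isam-web su[4321]: Successful su for root by isamuser
Jun 12 10:01:09 isam-web su[4321]: + pts/0 isamuser:root
Jun 12 10:02:15 isam-web sudo:  isamuser : TTY=pts/0 ; PWD=/var/isam ; USER=root ; COMMAND=/bin/bash
Jun 12 10:03:40 isam-web su[4400]: FAILED SU (to root) isamuser on pts/1
Jun 12 10:04:00 isam-web sudo:     root : TTY=pts/2 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/systemctl status
Jun 12 10:05:00 isam-web cron[55]: (root) CMD (run-parts /etc/cron.hourly)
"""

_SU_OK = re.compile(r"su\[\d+\]: Successful su for (?P<target>\S+) by (?P<actor>\S+)")
_SU_FAIL = re.compile(r"su\[\d+\]: FAILED SU \(to (?P<target>\S+)\) (?P<actor>\S+)")
_SUDO = re.compile(r"sudo:\s+(?P<actor>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")


def classify(line):
    """Return a finding dict for an escalation-relevant line, else None.

    Only transitions where a non-root actor gains (or tries to gain) root are
    reported; root invoking sudo and cron running as root are normal noise.
    """
    if m := _SU_OK.search(line):
        if m["target"] == "root" and m["actor"] != "root":
            return {"kind": "su_to_root", "actor": m["actor"], "severity": "high", "line": line}
    elif m := _SU_FAIL.search(line):
        if m["target"] == "root":
            return {"kind": "failed_su_to_root", "actor": m["actor"], "severity": "medium", "line": line}
    elif m := _SUDO.search(line):
        if m["target"] == "root" and m["actor"] != "root":
            return {"kind": "sudo_root_command", "actor": m["actor"], "severity": "high",
                    "command": m["cmd"].strip(), "line": line}
    return None


def scan(text):
    """Run classify over every line and collect the findings in order."""
    return [f for f in (classify(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['kind']} by {f['actor']}: {f['line']}")
```

The escalation mechanism behind this CVE is not public, so an exploit need not go through su or sudo at all; treat these patterns as one layer and complement them with process-level telemetry (an audit or eBPF agent that records execve calls where the effective uid changes to 0) for paths that bypass the login tools.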
