CVE-2023-38368

5.5 MEDIUM

📋 TL;DR

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 sets incorrect permissions on sensitive resources inside the container, so a local user with access to the container could read information they should not be able to see. Only the Docker distribution of the product is affected. No authentication bypass or remote vector is involved; the attacker already needs a foothold on the host or in the container.

💻 Affected Systems

Products:
  • IBM Security Access Manager Docker
Versions: 10.0.0.0 through 10.0.7.1
Operating Systems: Any Docker host running the affected image
Default Config Vulnerable: ⚠️ Yes
Notes: Only the Docker (container) distribution is listed as affected; the hardware and virtual appliance form factors are not in scope of this CVE. The product has since been renamed IBM Security Verify Access, so images and containers may carry that name rather than "Access Manager".

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attackers gain access to sensitive configuration data, credentials, or security policies that could be used to escalate privileges or compromise the security infrastructure.

🟠

Likely Case

Local users with basic access can read sensitive files or configuration data they shouldn't have access to, potentially exposing security settings or credentials.

🟢

If Mitigated

If shell access to the host and exec access to the container are limited to administrators who are already entitled to the product's configuration and secrets, the flaw adds little: the data with weak permissions is only reachable by people allowed to read it anyway.

🌐 Internet-Facing: LOW - This requires local access to the Docker container, not directly exploitable from the internet.
🏢 Internal Only: MEDIUM - Internal users with local container access could exploit this, but it requires existing access to the affected host or container.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the Docker container. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.7.2 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7158790

Restart Required: Yes

Instructions:

1. Obtain the IBM Security Access Manager Docker image at version 10.0.7.2 or later from the distribution point named in the IBM advisory, and confirm its tag or digest before use.
2. Stop the affected container.
3. Recreate the container from the updated image with the same volumes, networks and environment as before, so configuration persisted on volumes is carried over.
4. Start the new container and confirm (see How to Verify) that the running container, not merely a pulled image, is built from a 10.0.7.2 or later tag.

🔧 Temporary Workarounds

Restrict Container Access

linux

Anyone who can reach the Docker daemon can exec into the IBM container or copy files out of it, so the daemon socket and the docker group are the access boundary that matters here. Keep the socket at root:docker with mode 660 (not 750: the group needs write access to use the socket, and 750 would simply lock the docker group out), and keep docker group membership to administrators who need it; membership is root-equivalent on the host. On systemd hosts the socket is recreated on restart with the SocketMode and SocketGroup settings of docker.socket, so make a lasting change there rather than with a one-off chmod.

ls -l /var/run/docker.sock              # expect: srw-rw---- root docker
chown root:docker /var/run/docker.sock
chmod 660 /var/run/docker.sock
getent group docker                     # review who is in the group today
gpasswd -d [unneeded_user] docker
usermod -aG docker [authorized_admin]

Implement Docker Security Best Practices

linux

Run the container with the smallest privilege set it still works with, all on one docker run invocation. This limits what a process inside the container can do but does not change the file permissions inside the image, so it shrinks the blast radius of this flaw rather than closing it. Test against the product's requirements first: --read-only in particular breaks a container that writes to its own filesystem unless the writable paths are mounted as volumes or tmpfs.

docker run \
  --cap-drop=ALL --cap-add=NET_BIND_SERVICE [other_required_caps] \
  --security-opt=no-new-privileges \
  --read-only --tmpfs /tmp \
  [volumes and other options] [image]

🧯 If You Can't Patch

  • Treat host shell access and docker group membership on the Docker host as privileged access to the IBM product itself, and limit both to administrators who need them
  • Log and review docker exec, docker cp and docker export against the IBM container, and watch file access on its volumes for reads by accounts or processes that should not touch them

🔍 How to Verify

Check if Vulnerable:

List the IBM containers and the image each one runs from; the product version is normally carried in the image tag (adjust the name pattern to your registry):

docker ps --format '{{.Names}} {{.Image}}' | grep -i -E 'access-manager|verify-access'
docker inspect --format '{{.Config.Image}} {{.Image}}' [container_name]

Check Version:

A tag from 10.0.0.0 through 10.0.7.1 is affected. A mutable tag such as :latest says nothing about the version, so compare the image digest against the fixed image published by IBM:

docker image inspect --format '{{.RepoDigests}}' [image]

Verify Fix Applied:

The running container is built from a 10.0.7.2 or later tag. Check the container, not just the local image list: a pulled image does nothing until the container is recreated from it.

docker ps --format '{{.Names}} {{.Image}} {{.CreatedAt}}' | grep -i -E 'access-manager|verify-access'
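Comparing tags by eye is error-prone (as strings, 10.0.7.10 sorts before 10.0.7.2), so here is an added shell helper, not IBM's tooling and not from the advisory, that pulls the tag out of each running image reference, compares it numerically against the affected range 10.0.0.0 through 10.0.7.1, and reports tags that carry no version (such as :latest) as unknown rather than safe. The image name patterns (verify-access, access-manager) and the registry paths in the comments are assumptions to adjust for your environment.

```shell
#!/bin/sh
# Added example (not from the IBM advisory): classify running IBM Security
# Access Manager / Verify Access containers by image tag against the
# affected range 10.0.0.0 through 10.0.7.1.

# Compare two dotted numeric versions; prints -1, 0 or 1 for a<b, a==b, a>b.
# Missing trailing components count as 0, so 10.0.7 == 10.0.7.0.
vercmp() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ax="${a%%.*}"; bx="${b%%.*}"
    [ "$ax" = "$a" ] && a="" || a="${a#*.}"
    [ "$bx" = "$b" ] && b="" || b="${b#*.}"
    ax="${ax:-0}"; bx="${bx:-0}"
    if [ "$ax" -lt "$bx" ]; then printf '%s\n' -1; return; fi
    if [ "$ax" -gt "$bx" ]; then printf '%s\n' 1; return; fi
  done
  printf '%s\n' 0
}

# Extract a numeric version tag from an image reference, e.g.
#   icr.io/isva/verify-access:10.0.7.1            -> 10.0.7.1   (assumed path)
#   localhost:5000/isva/verify-access:10.0.7.1@sha256:...  -> 10.0.7.1
# Returns 1 (prints nothing) for :latest, digest-only or untagged references.
tag_version() {
  ref="$1"
  case "$ref" in
    *@sha256:*) ref="${ref%%@*}" ;;          # drop a digest suffix
  esac
  tag="${ref##*:}"
  case "$tag" in
    */*) return 1 ;;                          # last ':' was registry host:port, no tag
  esac
  [ "$tag" = "$ref" ] && return 1             # no ':' at all, so no tag
  case "$tag" in
    *[!0-9.]*|"") return 1 ;;                 # not a plain numeric version
  esac
  printf '%s\n' "$tag"
}

# Exit 0 if VERSION lies in the affected range, 1 otherwise.
affected() {
  v="$1"
  [ "$(vercmp "$v" 10.0.0.0)" -ge 0 ] && [ "$(vercmp "$v" 10.0.7.1)" -le 0 ]
}

# Walk running containers (needs the docker CLI) and print one verdict each.
check_running() {
  docker ps --format '{{.Names}} {{.Image}}' | while read -r name image; do
    case "$image" in
      *verify-access*|*access-manager*) ;;   # assumed image naming; tune for your registry
      *) continue ;;
    esac
    if v=$(tag_version "$image"); then
      if affected "$v"; then
        echo "VULNERABLE $name $image ($v)"
      else
        echo "OK         $name $image ($v)"
      fi
    else
      # A mutable or missing tag proves nothing; compare RepoDigests instead.
      echo "UNKNOWN    $name $image (no version tag; check the image digest)"
    fi
  done
}

if [ "${1:-}" = "--check" ]; then
  check_running
fi
```

Run it as `sh isva_check.sh --check` on the Docker host. Anything reported UNKNOWN should be resolved by comparing the image's RepoDigests with the fixed image IBM publishes rather than assumed patched.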

📡 Detection & Monitoring

Log Indicators:

  • docker exec, docker cp or docker export against the IBM container by accounts with no administrative reason to use them (the Docker daemon's exec_create / exec_start events carry the container name, image and command)
  • Reads of configuration, key or policy files under the container's volumes by users or processes other than the product's own (auditd watches on the volume paths on the host will surface these)
  • New docker group members or sudo grants on the Docker host that were not change-managed

Network Indicators:

  • N/A - Local vulnerability only

SIEM Query:

Illustrative pseudo-query: the field names depend on the collector, so map container_name, image and event to whatever your Docker or host audit source actually emits.

source="docker" AND (container_name="*ibm*access*manager*" OR image="*ibm*access*manager*" OR image="*verify*access*") AND (event="exec_create" OR event="file_access" OR event="permission_denied")
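The Docker daemon's own event stream is the cheapest reliable source for the first indicator above. The following added shell filter (not from the page, the advisory, or IBM) consumes lines in the shape that `docker events --filter type=container --filter event=exec_create --format '{{.Time}} {{.Actor.Attributes.name}} {{.Actor.Attributes.image}} {{.Action}}'` prints, and raises one alert per exec into a container whose name or image matches the IBM product. The container names, image paths and sample events are constructed for the example; tune the case patterns to your registry.

```shell
#!/bin/sh
# Added example, not from the IBM advisory or this page: flag docker exec
# activity against IBM Security Access Manager / Verify Access containers
# from the Docker daemon's event stream.
#
# Input lines are expected in the form produced by (assumed names):
#   docker events --filter type=container --filter event=exec_create \
#     --format '{{.Time}} {{.Actor.Attributes.name}} {{.Actor.Attributes.image}} {{.Action}}'
# i.e. "<unix time> <container name> <image> exec_create: <command...>"

# Read event lines on stdin, print one ALERT per exec_create against a
# matching container, and return 0 if anything was flagged, 1 otherwise.
flag_isva_exec() {
  hits=0
  while read -r ts name image action cmd; do
    case "$name $image" in
      *verify-access*|*access-manager*) ;;   # assumed naming; tune for your registry
      *) continue ;;
    esac
    case "$action" in
      exec_create:)
        echo "ALERT $ts exec into $name ($image): $cmd"
        hits=$((hits + 1))
        ;;
    esac
  done
  [ "$hits" -gt 0 ]
}

# Constructed sample stream (not real logs): two execs into IBM containers,
# one exec into an unrelated container, and an exec_start that must not be
# counted a second time.
sample_events() {
  cat <<'EOF'
1718000001 isva-config icr.io/isva/verify-access:10.0.7.1 exec_create: sh
1718000002 isva-config icr.io/isva/verify-access:10.0.7.1 exec_start: sh
1718000003 web-frontend nginx:1.25 exec_create: bash
1718000004 isva-runtime icr.io/isva/verify-access:10.0.7.1 exec_create: sh -c id
EOF
}

# Number of ALERT lines the sample produces (2), for a quick self-check.
sample_alert_count() {
  sample_events | flag_isva_exec | grep -c '^ALERT'
}

if [ "${1:-}" = "--demo" ]; then
  sample_events | flag_isva_exec
fi
```

In production, pipe the live `docker events` command into `flag_isva_exec` (or into your log shipper) instead of `sample_events`; the daemon event tells you which container was entered and what command ran, but not which host account issued the docker command, so correlate the timestamp with host auth or sudo logs to attribute it.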
