CVE-2023-38370

7.5 HIGH

📋 TL;DR

IBM Security Access Manager Docker containers (versions 10.0.0.0 through 10.0.7.1) with certain configurations allow network users to install malicious packages. This could lead to unauthorized code execution or system compromise. Only specific configurations are vulnerable, not all deployments.

💻 Affected Systems

Products:
  • IBM Security Access Manager Docker
Versions: 10.0.0.0 through 10.0.7.1
Operating Systems: Linux (Docker container)
Default Config Vulnerable: ✅ No
Notes: Only vulnerable under certain unspecified configurations according to IBM advisory.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attacker gains full control of the container, installs backdoors, steals credentials, and pivots to other systems.

🟠 Likely Case: Unauthorized package installation leading to data exfiltration, persistence mechanisms, or service disruption.

🟢 If Mitigated: Limited impact due to network segmentation and proper configuration hardening.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires network access and specific vulnerable configuration. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.7.2 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7158790

Restart Required: Yes

Instructions:

1. Download IBM Security Access Manager Docker version 10.0.7.2 or later from IBM Fix Central.
2. Stop the vulnerable container.
3. Deploy the updated container image.
4. Verify the new version is running.

🔧 Temporary Workarounds

Network Segmentation (linux)

Restrict network access to IBM Security Access Manager Docker containers to only the systems that need it.

iptables -A INPUT -s <trusted_network> -p tcp --dport <container_port> -j ACCEPT
iptables -A INPUT -p tcp --dport <container_port> -j DROP

Rule order matters: the ACCEPT for the trusted network must be appended before the DROP. Host INPUT rules only see traffic addressed to the host itself; for a port that Docker publishes to a container, the packets are forwarded rather than delivered locally, so the equivalent rules belong in the DOCKER-USER chain (which Docker consults on the FORWARD path) to take effect.

Configuration Hardening (all)

Review and modify configurations to avoid the vulnerable state described in the IBM advisory.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the container.
  • Monitor container logs for unauthorized package installation attempts.

🔍 How to Verify

Check if Vulnerable:

Check IBM Security Access Manager Docker version. If between 10.0.0.0 and 10.0.7.1 and using certain configurations, assume vulnerable.

Check Version:

docker exec <container_name> cat /opt/ibm/isam/version.txt

Verify Fix Applied:

Confirm the container is running version 10.0.7.2 or later, using docker inspect (to check the image tag) or the version check command above.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected package installation logs in container
  • Unauthorized network connections to package repositories

Network Indicators:

  • Unusual outbound connections from container to external repositories
  • Suspicious inbound connections to container management ports

SIEM Query (pseudo-query; adapt the field names and the authorized_user placeholder to your SIEM):

source="docker" AND ("package install" OR "yum install" OR "apt-get install") AND NOT user="authorized_user"
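The same detection logic as the query above, applied to container log lines, as an added example that is not part of the original advisory. It assumes a hypothetical JSON log shape with source, user and message fields, and generalises the query slightly to dnf and apk as well as apt-get and yum.

```python
import json
import re
from typing import Iterable

# Package-manager invocations the SIEM query above looks for, plus dnf/apk as an
# assumed generalisation (other package managers commonly found in container images).
INSTALL_PATTERN = re.compile(
    r"\b(?:package install|(?:apt-get|apt|yum|dnf|apk)\s+(?:-\S+\s+)*(?:install|add))\b",
    re.IGNORECASE,
)

def find_unauthorized_installs(lines: Iterable[str], authorized_users: set[str]) -> list[dict]:
    """Return the log records showing a package installation not attributed to an authorized user.

    Each line is assumed to be a JSON object with at least "source", "user" and "message"
    fields (hypothetical log shape; adapt to the SIEM's field names). Lines that are not
    valid JSON are skipped. A record with no user field is reported as unauthorized,
    because the query's NOT user="authorized_user" clause also matches it.
    """
    hits = []
    for raw in lines:
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if rec.get("source") != "docker":
            continue
        if not INSTALL_PATTERN.search(rec.get("message", "")):
            continue
        if rec.get("user") in authorized_users:
            continue
        hits.append(rec)
    return hits

# Constructed sample log lines (not real IBM Security Access Manager output).
SAMPLE_LOGS = [
    '{"source":"docker","container":"isam-runtime","user":"svc-deploy","message":"apt-get install -y curl"}',
    '{"source":"docker","container":"isam-runtime","user":"www-data","message":"yum install -y nc"}',
    '{"source":"docker","container":"isam-runtime","message":"package install requested: libfoo"}',
    '{"source":"docker","container":"isam-runtime","user":"www-data","message":"GET /mga/sps/login 200"}',
    '{"source":"syslog","user":"root","message":"apt-get install -y vim"}',
    'not json at all',
]

if __name__ == "__main__":
    for rec in find_unauthorized_installs(SAMPLE_LOGS, {"svc-deploy"}):
        print(rec.get("user", "<no user>"), "->", rec["message"])
```

With the sample above only the www-data installation and the record with no user are reported; the authorized svc-deploy install, the non-docker line and the malformed line are ignored.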
