CVE-2024-35139

6.2 MEDIUM

📋 TL;DR

This vulnerability in IBM Security Access Manager Docker allows local users to access sensitive information within the container due to incorrect default permissions. It affects IBM Security Access Manager Docker versions 10.0.0.0 through 10.0.7.1. The issue stems from improper file/directory permissions that expose sensitive data to unauthorized local users.

💻 Affected Systems

Products:
  • IBM Security Access Manager Docker
Versions: 10.0.0.0 through 10.0.7.1
Operating Systems: Linux (container host)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Docker container deployments of IBM Security Access Manager, not other deployment types.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attackers could access sensitive configuration files, credentials, or cryptographic materials, potentially leading to privilege escalation, lateral movement, or complete container compromise.

🟠 Likely Case

Local users with access to the container can read sensitive files they shouldn't have access to, potentially exposing configuration details, logs, or other restricted information.

🟢 If Mitigated

With proper container isolation and least-privilege access controls, the impact is limited to information disclosure within the container boundary.

🌐 Internet-Facing: LOW - This requires local access to the container, not remote network access.
🏢 Internal Only: MEDIUM - Internal users with container access could exploit this, but it requires local access to the vulnerable container.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the container and involves reading files with incorrect permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.7.2 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7158790

Restart Required: Yes

Instructions:

1. Update to IBM Security Access Manager Docker version 10.0.7.2 or later.
2. Pull the updated container image from IBM's registry.
3. Redeploy containers with the updated image.
4. Verify the fix by checking container version and permissions.

🔧 Temporary Workarounds

Manual permission hardening (linux)

Manually adjust file and directory permissions within the container to restrict access to sensitive files. Check which account the ISAM processes run as before changing ownership: a file owned by root with mode 600 is unreadable to a service that runs as a non-root user, so set the owner to the service account where that applies.

docker exec <container_name> chmod 600 /path/to/sensitive/file
docker exec <container_name> chown root:root /path/to/sensitive/file

Container isolation (linux)

Implement strict container isolation and limit local user access to the container. These flags harden the container boundary but do not change the mode of files inside the image, so pair them with the permission hardening above; note that a --read-only root filesystem also blocks chmod and chown at runtime, so apply the permission changes first or bake them into a derived image.

docker run --read-only --security-opt=no-new-privileges --cap-drop=ALL <image>

🧯 If You Can't Patch

  • Implement strict access controls to limit who can access the Docker containers.
  • Monitor container access and file access patterns for suspicious activity.

🔍 How to Verify

Check if Vulnerable:

Check if running IBM Security Access Manager Docker version between 10.0.0.0 and 10.0.7.1, and verify sensitive file permissions within the container.

Check Version:

docker exec <container_name> /opt/ibm/isam/bin/version.sh

Verify Fix Applied:

Verify container is running version 10.0.7.2 or later and check that sensitive files have proper restrictive permissions (e.g., 600 for files, 700 for directories).
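The permission audit that the workaround and this verification step both call for, as an added shell example that is not part of this advisory or of IBM's tooling; it assumes the files of interest live under /opt/ibm/isam (the path used in the SIEM query on this page), which you should adjust to your deployment.

```shell
#!/bin/sh
# Added example, not from the advisory or IBM. Audits a directory tree for
# entries whose mode is looser than the 600 (files) / 700 (directories)
# baseline the verification step asks for, then optionally tightens them.
# Run inside the container, e.g.:
#   docker exec <container_name> sh -c "$(cat perm_audit.sh); audit_perms /opt/ibm/isam"
# The default root below is an assumption; point it at your deployment's data.

# Print every file or directory under $1 that grants any permission to group
# or other. -perm /077 matches when ANY of the rwx bits for group/other is set.
audit_perms() {
    root="${1:-/opt/ibm/isam}"
    find "$root" \( -type f -o -type d \) -perm /077 -print 2>/dev/null
}

# Number of loose entries; 0 means the tree meets the 600/700 baseline.
count_loose() {
    audit_perms "$1" | wc -l | tr -d ' '
}

# Strip group/other bits from the loose entries only; owner bits are left
# alone so executables and traversable directories keep working for the
# owner. Only do this where the service account owns the files, otherwise
# the service itself loses access, and do it before the container is
# started with --read-only, which blocks chmod at runtime.
harden_perms() {
    root="${1:-/opt/ibm/isam}"
    find "$root" \( -type f -o -type d \) -perm /077 -exec chmod go-rwx {} + 2>/dev/null
}
```

Run audit_perms before and after patching: a non-empty listing on a patched 10.0.7.2 image points at files that were modified after the image was built rather than at the original defect.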

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns within container logs
  • Permission change events in container audit logs

Network Indicators:

  • N/A - local vulnerability only

SIEM Query:

container.name:"ibm-security-access-manager" AND (event.action:"file_read" OR event.action:"permission_change") AND file.path:"/opt/ibm/isam/*"
