
CVE-2024-25027: CWE-311 Missing Encryption of Sensitive Data in IBM Security Verify Access Docker

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2024-25027, cwe-311
Published: Sun Mar 31 2024 (03/31/2024, 11:40:11 UTC)
Source: CVE Database V5
Vendor/Project: IBM
Product: Security Verify Access Docker

Description

IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607.

AI-Powered Analysis

Last updated: 11/03/2025, 23:55:02 UTC

Technical Analysis

CVE-2024-25027 identifies a vulnerability in IBM Security Verify Access Docker version 10.0.6, where sensitive snapshot information is not encrypted, leading to potential data disclosure. This issue is categorized under CWE-311, which refers to missing encryption of sensitive data. The vulnerability arises because snapshot data stored or handled within the Docker container lacks proper encryption safeguards, allowing an attacker with local access to the Docker environment to read sensitive information directly.

The CVSS 3.1 base score is 6.2 (medium severity), with an attack vector classified as local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact is limited to confidentiality (C:H), with no impact on integrity or availability. No public exploits have been reported yet, but the vulnerability could be leveraged by insiders or attackers who have gained local access to the host running the Docker container.

IBM Security Verify Access is an enterprise-grade identity and access management solution, often deployed in critical environments to secure authentication and authorization workflows. The missing encryption of snapshot data could expose sensitive configuration or session information, potentially aiding further attacks or data leakage. Since the vulnerability affects a specific version (10.0.6), organizations running this version should consider upgrading or applying vendor patches once available. The lack of encryption indicates a design or implementation oversight in handling sensitive data within containerized deployments of this product.

Potential Impact

For European organizations, the primary impact is the potential unauthorized disclosure of sensitive snapshot data within IBM Security Verify Access Docker containers. This could lead to exposure of confidential authentication or session information, undermining trust in identity management processes. While the vulnerability does not directly allow remote exploitation or system takeover, it increases the risk of insider threats or lateral movement by attackers who have gained local access. Organizations in sectors such as finance, government, healthcare, and critical infrastructure that rely on IBM Security Verify Access for identity management could face compliance and reputational risks if sensitive data is leaked. The confidentiality breach could facilitate further attacks, including privilege escalation or data exfiltration. The medium severity rating reflects the limited attack vector (local access required) but significant confidentiality impact. European enterprises with containerized deployments of this IBM product should evaluate their internal access controls and monitoring to mitigate risks.

Mitigation Recommendations

1. Restrict local access to hosts running IBM Security Verify Access Docker containers to trusted administrators only, employing strict access controls and auditing.
2. Implement encryption for snapshot data at rest and in transit within the Docker environment, either by applying vendor patches or using container-level encryption mechanisms.
3. Monitor Docker host and container logs for unauthorized access attempts or suspicious activities related to snapshot data.
4. Upgrade IBM Security Verify Access Docker to a version where this vulnerability is addressed once IBM releases a patch or update.
5. Employ network segmentation to isolate critical identity management containers from less trusted network zones.
6. Conduct regular security assessments of container configurations and secrets management to ensure sensitive data is protected.
7. Educate internal teams about the risks of local access vulnerabilities and enforce least privilege principles.
8. Consider deploying host-based intrusion detection systems (HIDS) to detect anomalous file access or snapshot data reads.


Technical Details

Data Version: 5.2
Assigner Short Name: ibm
Date Reserved: 2024-02-03T14:49:11.962Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6909261ffe7723195e0b46ab

Added to database: 11/3/2025, 10:01:03 PM

Last enriched: 11/3/2025, 11:55:02 PM

Last updated: 11/5/2025, 3:51:08 PM
