CVE-2024-35137 is a vulnerability identified in IBM Security Verify Access Docker versions 10.0.0.0 through 10.0.7.1, categorized under CWE-258 (Use of Empty Password with Configuration File). The issue arises because the product’s configuration file contains an empty password or insufficiently protected sensitive credentials, which can be accessed by a local user. This exposure allows an attacker with local access to the host system to read sensitive configuration data, potentially including credentials or tokens, which can then be leveraged to escalate privileges within the system. The vulnerability does not require prior authentication or user interaction, but it does require local access to the system hosting the Docker container. The CVSS v3.1 base score is 6.2 (medium severity), reflecting a high impact on confidentiality but no impact on integrity or availability. The attack vector is local (AV:L), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The scope remains unchanged (S:U). No public exploits have been reported yet, but the exposure of sensitive configuration data in a security-critical product like IBM Security Verify Access Docker poses a significant risk if local access controls are weak or compromised. This product is used in enterprise environments for identity and access management, often protecting critical applications and services.

For European organizations, the primary impact of this vulnerability is the potential unauthorized disclosure of sensitive configuration credentials, which can lead to privilege escalation on systems running IBM Security Verify Access Docker. This could allow attackers to bypass access controls, potentially gaining administrative capabilities within the affected environment. Given that IBM Security Verify Access is often deployed in environments managing authentication and authorization, exploitation could undermine the security of multiple dependent applications and services. The vulnerability’s local access requirement limits remote exploitation but increases risk in environments where insider threats or compromised local accounts exist. Organizations in sectors such as finance, government, healthcare, and critical infrastructure in Europe, which rely heavily on IBM security products, could face increased risk of lateral movement and privilege escalation attacks. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time.

European organizations should implement strict local access controls to limit who can access hosts running IBM Security Verify Access Docker containers. This includes enforcing least privilege principles, using strong authentication for local accounts, and monitoring for unauthorized access attempts. Regularly audit configuration files and system permissions to ensure sensitive files are not world-readable or accessible by unauthorized users. Although no patches are currently listed, organizations should monitor IBM security advisories closely and apply updates or patches as soon as they become available. Employ container security best practices such as isolating containers, using minimal base images, and scanning container images for vulnerabilities. Additionally, consider implementing host-based intrusion detection systems (HIDS) to detect suspicious local activities. Finally, conduct security awareness training to reduce insider threat risks and ensure that local users understand the importance of securing credentials and configuration files.