IBM Security Verify Access Appliance Hard-Coded Credentials Vulnerability
CVE-2024-31873

7.5HIGH

Key Information:

Vendor: IBM
Status: Security Verify Access Appliance
Vendor: CVE Published:; 10 April 2024

Summary

The IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7 are vulnerable due to the presence of hard-coded credentials used for inbound authentication. These credentials can potentially be exploited by malicious actors, allowing unauthorized access and compromising the security of user data. It is crucial for organizations using affected versions to assess their systems and apply necessary mitigating measures to protect against potential threats.

Affected Version(s)

Security Verify Access Appliance 10.0.0 <= 10.0.7

References

https://www.ibm.com/support/pages/node/7147932

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/287317

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 10, 2024
Vulnerability Reserved
Apr 7, 2024