Cross-Site Scripting Vulnerability in IBM Security Verify Access Appliance and Container
CVE-2024-40700
6.1MEDIUM
Key Information:
- Vendor
IBM
- Vendor
- CVE Published:
- 4 February 2025
What is CVE-2024-40700?
IBM Security Verify Access Appliances and Containers versions 10.0.0 through 10.0.8 are susceptible to a Cross-Site Scripting (XSS) flaw, which permits unauthenticated attackers to inject arbitrary JavaScript code into the web user interface. This exploitation can alter the intended functionality of the application and may result in unauthorized disclosure of user credentials during an active session, posing a significant security risk to users.
Affected Version(s)
Security Verify Access Appliance 10.0.0 <= 10.0.8
Security Verify Access Container 10.0.0 <= 10.0.8