Sensitive Data Transmission Flaw in IBM Security Verify Access Appliance and Container
CVE-2024-43187

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Security Verify Access Appliance; Security Verify Access Container
Vendor: CVE Published:; 4 February 2025

Summary

The IBM Security Verify Access Appliance and Container versions 10.0.0 to 10.0.8 are exposed to a vulnerability that allows sensitive or security-critical data to be transmitted unencrypted. This flaw compromises the integrity of data being communicated, making it susceptible to interception by unauthorized actors over the network. It is essential for organizations using these products to implement secured communication protocols to mitigate the risk associated with this vulnerability.

Affected Version(s)

Security Verify Access Appliance 10.0.0 <= 10.0.8

Security Verify Access Container 10.0.0 <= 10.0.8

References

https://www.ibm.com/support/pages/node/7182386

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Aug 7, 2024