Password Modification Vulnerability in IBM Security Verify Access
CVE-2024-45647

9.8CRITICAL

Key Information:

Vendor: IBM
Status: Security Verify Access; Security Verify Access Docker
Vendor: CVE Published:; 20 January 2025

Summary

A vulnerability exists in IBM Security Verify Access versions 10.0.0 through 10.0.8, including the Docker version. This flaw allows an unverified user to change the password of an expired user account without needing to know the original password, enabling unauthorized access to sensitive information and resources.

Affected Version(s)

Security Verify Access 10.0.0 <= 10.0.8

Security Verify Access Docker 10.0.0 <= 10.0.8

References

https://www.ibm.com/support/pages/node/7176212

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 20, 2025
Vulnerability Reserved
Sep 3, 2024