Local Privilege Escalation in IBM Security Verify Access Appliance and Container
CVE-2024-45657

6.7MEDIUM

Key Information:

Vendor

IBM
Status
Security Verify Access Appliance
Security Verify Access Container
Vendor
CVE Published:
4 February 2025

What is CVE-2024-45657?

A security flaw in IBM Security Verify Access Appliance and Container versions 10.0.0 to 10.0.8 could permit a local privileged user to execute unauthorized operations due to improperly assigned permissions. This misconfiguration allows exploitation of the system’s privileges, potentially leading to unforeseen security risks.

Affected Version(s)

Security Verify Access Appliance 10.0.0 <= 10.0.8

Security Verify Access Container 10.0.0 <= 10.0.8

References

https://www.ibm.com/support/pages/node/7182386
vendor-advisory

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2024-45657 : Local Privilege Escalation in IBM Security Verify Access Appliance and Container