Information Disclosure Vulnerability in IBM Security Verify Access Appliance and Container
CVE-2024-45659

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Security Verify Access Appliance; Security Verify Access Container
Vendor: CVE Published:; 4 February 2025

Summary

IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 are susceptible to an information disclosure vulnerability. A remote attacker could exploit this issue by triggering a detailed technical error message, potentially exposing sensitive information that could facilitate subsequent attacks against the system. It is crucial for users of the affected products to apply necessary patches or updates as advised by the vendor to mitigate this risk.

Affected Version(s)

Security Verify Access Appliance 10.0.0 <= 10.0.8

Security Verify Access Container 10.0.0 <= 10.0.8

References

https://www.ibm.com/support/pages/node/7182386

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Sep 3, 2024