Weak Password Recovery Mechanism in IBM Security SOAR Could Allow Attackers to Gain Unauthorized Access

CVE-2024-45670
8.1 HIGH

Key Information

Vendor: IBM
Status
Soar
Vendor
CVE Published: 14 November 2024

Summary

IBM Security SOAR 51.0.1.0 and earlier contains a mechanism that lets users recover or change their passwords without knowing the original password. The user account must already be compromised before the weak recovery mechanism can be used.

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published.

Collectors

NVD Database