Weak Password Recovery Mechanism in IBM Security SOAR Could Allow Attackers to Gain Unauthorized Access
CVE-2024-45670
8.1 HIGH
What is CVE-2024-45670?
IBM Security SOAR prior to version 51.0.1.0 allows users to recover or change their passwords without supplying the original password. Exploitation requires that the user account be compromised first, and the flaw raises significant concerns regarding account security and the potential for unauthorized access. Organizations running affected versions must reassess their password recovery processes to mitigate the risks posed by this vulnerability.
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published