Information Disclosure Vulnerability in IBM Security Verify Products
CVE-2024-45674

3.3LOW

Key Information:

Vendor: IBM
Status: Security Verify Bridge Directory Sync
Vendor: CVE Published:; 22 February 2025

Summary

The vulnerability in IBM Security Verify products arises from the improper handling of log files, where potentially sensitive information is stored. This exposure allows local users to access and read sensitive data, which may include user credentials or personal identifiable information, posing a security risk for organizations reliant on these systems. It is essential to implement mitigations and monitor access to logs to protect sensitive information from unauthorized access.

Affected Version(s)

Security Verify Bridge Directory Sync 1.0.1 <= 1.0.12

References

https://www.ibm.com/support/pages/node/7183801

vendor-advisory

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 22, 2025