Remote Command Execution Vulnerability Affects IBM Security Verify Access Appliance
CVE-2024-49803

8.8HIGH

Key Information:

Vendor: IBM
Status: Security Verify Access
Vendor: CVE Published:; 29 November 2024

Summary

IBM Security Verify Access Appliance versions 10.0.0 through 10.0.8 are susceptible to a vulnerability that allows a remote authenticated attacker to execute arbitrary commands on the system. This occurs through the submission of specially crafted requests, potentially leading to unauthorized system access and manipulation. It is essential for organizations using this appliance to apply the necessary patches or mitigations to safeguard their systems against exploitation.

Affected Version(s)

Security Verify Access 10.0.0 <= 10.0.8

References

https://www.ibm.com/support/pages/node/7177447

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 29, 2024
Vulnerability Reserved
Oct 20, 2024