Privilege Escalation Vulnerability in IBM Security Verify Access Appliance
CVE-2024-49814

7.8HIGH

Key Information:

Vendor: IBM
Status: Security Verify Access Appliance
Vendor: CVE Published:; 6 February 2025

Summary

A privilege escalation vulnerability exists in IBM Security Verify Access Appliance versions 10.0.0 through 10.0.3 that could potentially allow a locally authenticated user to gain elevated privileges. This issue arises due to instances where unnecessary privileges are granted during execution, creating an opportunity for malicious actors with access to the system to exploit this flaw and gain enhanced permissions that could compromise the integrity and security of the appliance.

Affected Version(s)

Security Verify Access Appliance 10.0.0 <= 10.0.3

References

https://www.ibm.com/support/pages/node/7182558

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2025
Vulnerability Reserved
Oct 20, 2024