CVE-2024-45647
MEDIUMCVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
2Description
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password.
Analysis
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Technical Context
This vulnerability is classified under CWE-620. IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password. Affected products include: Ibm Security Verify Access, Ibm Security Verify Access Docker. Version information: through 10.0.8.
Affected Products
Ibm Security Verify Access, Ibm Security Verify Access Docker.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today