CVE-2024-45674
LOWCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2Tags
Description
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files that could be read by a local user.
Analysis
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Technical Context
This vulnerability is classified under CWE-532. IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files that could be read by a local user. Affected products include: Ibm Security Verify Bridge Directory Sync, Ibm Security Verify Gateway For Radius, Ibm Security Verify Gateway For Windows Login. Version information: through 1.0.12.
Affected Products
Ibm Security Verify Bridge Directory Sync, Ibm Security Verify Gateway For Radius, Ibm Security Verify Gateway For Windows Login.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today