CVE-2024-45659

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7182386	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:security_verify_access::::::::
	cpe:2.3:a:ibm:verify_identity_access::::::::

History

05 Aug 2025, 13:51

Type	Values Removed	Values Added
References	~~() https://www.ibm.com/support/pages/node/7182386 -~~	() https://www.ibm.com/support/pages/node/7182386 - Vendor Advisory
First Time		Ibm verify Identity Access Ibm Ibm security Verify Access
CPE		cpe:2.3:a:ibm:verify_identity_access:::::::: cpe:2.3:a:ibm:security_verify_access::::::::
Summary		(es) IBM Security Verify Access Appliance and Container 10.0.0 a 10.0.8 podría permitir que un atacante remoto obtenga información confidencial cuando se devuelve un mensaje de error técnico detallado. Esta información podría utilizarse en futuros ataques contra sistema.

04 Feb 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-04 18:15

Updated : 2025-08-05 13:51

NVD link : CVE-2024-45659

Mitre link : CVE-2024-45659

CVE.ORG link : CVE-2024-45659

JSON object : View

Products Affected

ibm

verify_identity_access
security_verify_access

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

5.3 /10