CVERadar

CVE-2024-45647

Medium Severity | IBM

SVRS: 38/100
CVSSv3: 9.8/10
EPSS: 0.00062/1

CVE-2024-45647: An IBM Security Verify Access vulnerability allows unauthorized password changes. This flaw affects versions 10.0.0 through 10.0.8, including the Docker variant, potentially enabling an unverified user to change an expired user's password without needing the original. Despite a high CVSS score of 9.8, the SOCRadar Vulnerability Risk Score (SVRS) is 38, suggesting lower immediate real-world risk, although exploitation remains possible. The ability to change passwords without proper authorization presents a significant security risk. Successful exploitation could lead to unauthorized access and compromised accounts. Organizations using affected versions should apply necessary patches to mitigate this vulnerability.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2025-01-20
2025-01-29
SOCRadar AI Insight

Description

CVE-2024-45647 affects IBM Security Verify Access versions 10.0.0 through 10.0.8, including Docker versions. This vulnerability allows an unverified user to reset the password of an expired user account without knowing the original password. This potentially grants unauthorized access to sensitive data and systems.

SVRS: The SVRS score for this vulnerability is 38, indicating a moderate risk. While not considered critical, the potential for unauthorized access should not be underestimated.

Key Insights

  • Unverified User Access: The vulnerability allows unverified users to exploit the weakness, posing a significant risk to the security of the system.
  • Password Reset Bypass: The ability to reset an expired user's password without prior knowledge is a serious security flaw, potentially allowing attackers to gain access to accounts.
  • Potential for Lateral Movement: Once an attacker gains access to a compromised account, they can use it to further penetrate the network, potentially gaining access to more sensitive information or systems.
  • Data Breach Risk: Compromised accounts could lead to unauthorized access and potential exfiltration of sensitive data, including user credentials, corporate secrets, and financial information.

Mitigation Strategies

  • Upgrade to the Latest Version: The most effective mitigation strategy is to update IBM Security Verify Access to the latest version, which includes a patch for CVE-2024-45647.
  • Implement Multi-Factor Authentication: Employing multi-factor authentication (MFA) adds an extra layer of security, making it harder for attackers to gain unauthorized access even if they compromise a password.
  • Regular Security Audits: Conduct regular security audits to identify and address any vulnerabilities, including misconfigurations and outdated software.
  • Security Awareness Training: Educate users about phishing attempts, social engineering tactics, and the importance of strong password hygiene to reduce the risk of unauthorized access.

Additional Information:

If you have additional questions or need more information regarding this incident, you can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-45647 | IBM Security Verify Access up to 10.0.8 unverified password change
vuldb.com, 2025-01-20
CVE-2024-45647 | IBM Security Verify Access up to 10.0.8 unverified password change | A vulnerability has been found in IBM Security Verify Access and Security Verify Access Docker up to 10.0.8 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unverified password change. This vulnerability is known as CVE-2024-45647. The attack can be launched remotely. There is no exploit available. It

Social Media

CVE-2024-45647 IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow an unverified user to change the passwo… https://t.co/7FwjMqOKhg

Affected Software

Configuration 1

Type  Vendor  Product
App   Ibm     security_verify_access
App   Ibm     security_verify_access_docker

References

Reference: https://www.ibm.com/support/pages/node/7176212

CWE Details

CWE ID   CWE Name                    Description
CWE-620  Unverified Password Change  When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
