CVE-2024-45647 MEDIUM

CVE-2024-45647: IBM Security Verify Access unverified password change

Vendor IBM
Product Security Verify Access
Weakness CWE-620 · Unverified password change
Published January 20, 2025
Last update January 21, 2025

CVSS base score

5.6/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow an unverified user to change the password of an expired user without prior knowledge of that password.

Key dates

02 Disclosure timeline

January 20, 2025 CVE published
January 21, 2025 Record updated