CVE-2024-45670 MEDIUM

CVE-2024-45670: IBM Security SOAR weak password recovery mechanism

Vendor Ibm

Product Security SOAR

Weakness CWE-640 · Weak password recovery

Published November 14, 2024

Last update November 14, 2024

View on NVD All CVEs

CVSS base score

5.6/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism.

Key dates

02Disclosure timeline

November 14, 2024 CVE published

November 14, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-45670

Related vulnerabilities

04Related CVE

CVE-2025-41251 Weak password recovery vulnerability CVE-2025-12866 Hundred Plus｜EIP Plus - Weak Password Recovery Mechanism CVE-2024-9302 App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP CVE-2025-31380 WordPress Paid Videochat Turnkey Site plugin <= 7.3.11 - Broken Authentication Vulnerability CVE-2026-7652 LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism