CVE-2024-45673 MEDIUM

CVE-2024-45673: IBM Security Verify Bridge information disclosure

Vendor Ibm
Product Security Verify Bridge Directory Sync
Weakness CWE-260
Published February 21, 2025
Last update August 27, 2025

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user.

Key dates

02Disclosure timeline

February 21, 2025 CVE published
August 27, 2025 Record updated