CVE-2024-56342 MEDIUM

CVE-2024-56342: IBM Verify Identity Access Digital Credentials information disclosure

Vendor Ibm
Product Verify Identity Access Digital Credentials
Weakness CWE-209 · Error message info leak
Published June 6, 2025
Last update August 24, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Key dates

02Disclosure timeline

June 6, 2025 CVE published
August 24, 2025 Record updated