Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-35133

CWE-601 — Open Redirect4 documents4 sources

Severity

8.2HIGH

EPSS

2.9%

top 13.72%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM Security Verify Access IBM Security Verify Access Docker

Timeline

PublishedAug 29

Latest updateApr 5

Description

IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:NExploitability: 2.3 | Impact: 4.0

Affected Packages4 packages

▶CVEListV5ibm/security_verify_access10.0.0 — 10.0.8

▶NVDibm/security_verify_access10.0.0 — 10.0.8

▶CVEListV5ibm/security_verify_access_docker10.0.0 — 10.0.8

▶NVDibm/security_verify_access_docker10.0.0 — 10.0.8

🔴Vulnerability Details

GHSA

GHSA-m7jg-gw6r-5p82: IBM Security Verify Access 10↗2024-08-29

▶

CVEList

IBM Security Verify Access HTTP open redirect↗2024-08-29

▶

💥Exploits & PoCs

Exploit-DB

IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow↗2025-04-05

▶