CVE-2024-45647

CWE-620 | 3 documents | 3 sources
Severity: 9.8 CRITICAL
EPSS: 0.1% (top 74.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 20

Description

IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow an unverified user to change the password of an expired user without prior knowledge of that password.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.2 | Impact: 3.4

Affected Packages (4 packages)

CVEListV5 | ibm/security_verify_access_docker | 10.0.0 through 10.0.8
NVD | ibm/security_verify_access_docker | 10.0.0 through 10.0.8
CVEListV5 | ibm/security_verify_access | 10.0.0 through 10.0.8
NVD | ibm/security_verify_access | 10.0.0 through 10.0.8

🔴 Vulnerability Details (2)

GHSA | GHSA-6rq7-6r98-39fr: IBM Security Verify Access 10 | 2025-01-20
CVEList | IBM Security Verify Access unverified password change | 2025-01-20