CNVD-2024-07613 — Vulnetix

CNVD-2024-07613 PUBLISHED CVSS 6.199999809265137 MEDIUM

IBM Security Verify Access（ISAM）是美国国际商业机器（IBM）公司的一款提高用户访问安全的服务。该服务通过使用基于风险的访问、单点登录、集成访问管理控制、身份联合以及移动多因子认证实现对Web、移动、IoT和云技术等平台安全简单的访问 IBM Security Verify Access存在权限提升漏洞，该漏洞源于安全配置错误，攻击者可利用该漏洞提升权限。

Risk Scores

CVSS v3.1

6.199999809265137

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
IBM	Security Verify Access Appliance	10.0.0.0
IBM	Security Verify Access Docker	10.0.0.0

Timeline

Jan 9, 2024 CVE Published
Feb 3, 2024 PoC Published
Feb 25, 2024 PoC Published

References

https://www.ibm.com/support/pages/node/7106586 vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/254767 vdb
http://seclists.org/fulldisclosure/2024/Nov/0 url

Open in Interactive Console →