Cyber Posture

CVE-2024-43187

Medium

Published: 04 February 2025

Modified: 15 December 2025
KEV Added
Patch
CVSS Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0003 (10.3th percentile)
Risk Priority: 12 (60% EPSS · 20% KEV · 20% CVSS)

Description

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Security Summary

CVE-2024-43187 is a vulnerability in IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 that results in the transmission of sensitive or security-critical data in cleartext over a communication channel susceptible to sniffing by unauthorized actors. This issue is classified under CWE-319 (Cleartext Transmission of Sensitive Information) and carries a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating medium severity primarily due to high confidentiality impact.

The vulnerability can be exploited by unauthorized actors with network access who lack privileges and require no user interaction, though exploitation demands high attack complexity, such as positioning to intercept traffic. Successful attacks enable sniffing and capture of sensitive data in transit, compromising confidentiality without affecting integrity or availability.

IBM's security advisory at https://www.ibm.com/support/pages/node/7182386 provides details on remediation and mitigation steps for this vulnerability.

Details

CWE(s)
CWE-319

Affected Products

ibm security verify access: 10.0.0.0 — 10.0.9.0
ibm security verify access docker: 10.0.0.0 — 10.0.9.0
