Cyber Posture

CVE-2024-45650

High

Published: 31 January 2025

Modified: 08 August 2025
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0018 (38.8th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a denial of service when sending an LDAP extended operation.

Security Summary

CVE-2024-45650 is a denial-of-service vulnerability in IBM Security Verify Directory versions 10.0 through 10.0.3. The issue arises when the software processes an LDAP extended operation and is classified under CWE-754 (Improper Check for Unusual or Exceptional Conditions). It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), a high severity rating that comes entirely from the availability impact.

An unauthenticated attacker with network access to the affected system can exploit this vulnerability remotely, with low attack complexity and no user interaction. Successful exploitation causes a denial of service, disrupting service availability without impacting confidentiality or integrity.

The IBM security advisory provides details on mitigation and patching; refer to https://www.ibm.com/support/pages/node/7182169 for specific guidance.

Details

CWE(s)
CWE-754

Affected Products

Vendor: ibm
Product: security verify directory
Versions: 10.0.0 through 10.0.3
