CVE-2024-49814

CVE-2024-49814 is a privilege escalation vulnerability in IBM Security Verify Access Appliance versions 10.0.0 through 10.0.3, stemming from execution with unnecessary privileges (CWE-250). A locally authenticated user could exploit this flaw to increase their privileges on the affected appliance. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.

The attack requires local access and low privileges (PR:L), with low attack complexity and no user interaction needed. An attacker with local authentication could leverage the unnecessary privileges during execution to elevate their access rights, potentially gaining full control over the appliance and compromising its security functions.

IBM has published an advisory detailing the issue and mitigation steps at https://www.ibm.com/support/pages/node/7182558. Security practitioners should consult this reference for patch availability and remediation guidance specific to the affected versions.