CVE-2024-51450

CVE-2024-51450 is a command injection vulnerability (CWE-78) affecting IBM Security Verify Directory versions 10.0.0 through 10.0.3. It enables a remote authenticated attacker to execute arbitrary commands on the underlying system by sending a specially crafted request. The vulnerability has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, high privileges required, changed scope, and high impact across confidentiality, integrity, and availability.

An attacker with high-level authenticated access, such as an administrative user, can exploit this vulnerability remotely over the network without user interaction. By crafting a malicious request targeting the affected component, the attacker achieves arbitrary command execution on the server, potentially leading to full system compromise, data exfiltration, persistence, or lateral movement within the environment.

IBM has published a security advisory detailing the issue and mitigation steps at https://www.ibm.com/support/pages/node/7182558, which security practitioners should consult for patch availability and remediation guidance specific to the affected versions.