CRITICAL🇵🇱 Wersja polska

CVE-2024-49803

CVSS 9.8v3.1pub. 2024-11-29upd. 2025-01-29

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

🤖 AI Analysis
How it works

An attacker sends a specially crafted network request to the IBM Security Verify Access Appliance device. The application does not properly sanitize input data passed to the system command interpreter (CWE-78), which allows injection and execution of arbitrary commands in the context of the device's operating system. The attack does not require user interaction or special privileges beyond having a valid account.

Impact

An attacker can gain full control over the device, including stealing sensitive data, modifying identity system configuration, or completely disabling the authentication service, which may affect access to all resources protected by IBM Security Verify Access.

Mitigation & patch

Patches available from the vendor should be applied according to the references (https://www.ibm.com/support/pages/node/7177447). Until the update is applied, it is recommended to restrict network access to the device management interface to trusted hosts only and monitor logs for unexpected requests.

Who is affected

IBM Security Verify Access Appliance in versions 10.0.0 through 10.0.8 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Security Verify Access

    APP
    Ibm
    10.0.0 – 10.0.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2026-1346CRITICAL9.3PL ✓ten sam produkt

Privilege escalation do root w IBM Security Verify Access i Verify Identity Access

CVE-2025-36356CRITICAL9.3PL ✓ten sam produkt

IBM Security Verify Access — privilege escalation do root przez nadmiarowe uprawnienia

CVE-2024-49806CRITICAL9.4PL ✓ten sam produkt

IBM Security Verify Access — zakodowane na stałe poświadczenia (hard-coded credentials)

CVE-2024-49805CRITICAL9.4PL ✓ten sam produkt

IBM Security Verify Access — zakodowane na stałe poświadczenia (hard-coded credentials)

CVE-2021-39070CRITICAL9.8ten sam produkt

IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication ser...