Advisory

IBM reports multiple critical vulnerabilities in Security Verify Access Appliance

Take action: If you are running Security Verify Access Appliance versions 10.0.0 through 10.0.8 IF1, patch as soon as possible. There are three critical flaws, and the device manages access to other applications; even if it is isolated to corporate networks, there are too many variables and attack vectors to leave it unpatched. Don't delay.


Learn More

IBM is reporting multiple critical security vulnerabilities in its Security Verify Access Appliance, a solution designed for web application access control and protection.

Critical Vulnerabilities:

  • CVE-2024-49803 (CVSS score 9.8) - Remote command execution vulnerability. Allows authenticated attackers to execute arbitrary commands.
  • CVE-2024-49805 (CVSS score 9.4) - Hard-coded credentials. Affects inbound authentication and outbound communication.
  • CVE-2024-49806 (CVSS score 9.4) - Hard-coded credentials. Similar to CVE-2024-49805.
  • CVE-2024-49804 (CVSS score 7.8) - Privilege escalation vulnerability. Allows local authenticated users to gain elevated privileges.

Affected Versions:

  • IBM Security Verify Access versions 10.0.0 through 10.0.8 IF1

IBM has released version 10.0.8-ISS-ISVA-FP0002 which addresses all reported vulnerabilities. No workarounds or mitigations are available.
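The first thing a practitioner needs is a quick way to check an appliance inventory against the affected range above. The following is an added example, not IBM's code or tooling; it assumes (our assumption, not taken from IBM documentation) that version strings take the forms "10.0.8", "10.0.8 IF1" or "10.0.8-IF1" for an interim fix, and "10.0.8-ISS-ISVA-FP0002" for a fix pack, and it treats any 10.0.8 build below FP0002 as still needing the fix, which is the conservative reading of the advisory. Hostnames in the sample inventory are constructed.

```python
"""Added example (not IBM's code): triage an ISVA appliance inventory against
the affected range named in the advisory (10.0.0 through 10.0.8 IF1, fixed in
10.0.8-ISS-ISVA-FP0002). Version string formats are an assumption."""
import re
from dataclasses import dataclass

AFFECTED_LOW = (10, 0, 0)
AFFECTED_HIGH = (10, 0, 8)
FIXING_FIX_PACK = 2                      # 10.0.8-ISS-ISVA-FP0002
FIXED_IN = "10.0.8-ISS-ISVA-FP0002"

_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)"              # base version, e.g. 10.0.8
    r"(?:[ -]IF(\d+))?"                   # optional interim fix, e.g. IF1 (assumed format)
    r"(?:-ISS-ISVA-FP(\d+))?$",           # optional fix pack, e.g. FP0002 (assumed format)
    re.IGNORECASE,
)


@dataclass(frozen=True)
class IsvaVersion:
    base: tuple            # (major, minor, patch)
    interim_fix: int = 0   # 0 when there is no IFn suffix
    fix_pack: int = 0      # 0 when there is no FPnnnn suffix


def parse_version(text):
    """Split an ISVA version string into base, interim fix and fix pack."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ISVA version string: {text!r}")
    base = tuple(int(x) for x in m.group(1, 2, 3))
    return IsvaVersion(base, int(m.group(4) or 0), int(m.group(5) or 0))


def needs_patch(text):
    """True when the version lies inside the advisory's affected range and
    does not yet carry the fix pack the advisory names as the remediation."""
    v = parse_version(text)
    if not (AFFECTED_LOW <= v.base <= AFFECTED_HIGH):
        return False        # outside the range the advisory names
    if v.base == AFFECTED_HIGH and v.fix_pack >= FIXING_FIX_PACK:
        return False        # 10.0.8 with FP0002 or later is fixed
    return True             # everything else in range, IF1 included, needs the fix


def triage(inventory):
    """Map hostname -> 'PATCH', 'OK' or 'UNKNOWN' for {hostname: version}.
    Unparseable entries are flagged UNKNOWN so they get reviewed instead of
    being silently treated as safe."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "PATCH" if needs_patch(version) else "OK"
        except ValueError:
            result[host] = "UNKNOWN"
    return result


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "isva-dmz-01": "10.0.8 IF1",
    "isva-dmz-02": "10.0.8-ISS-ISVA-FP0002",
    "isva-corp-01": "10.0.3",
    "isva-lab-01": "build-unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {SAMPLE_INVENTORY[host]:26} {status}")
```

Run it against an export from your CMDB or the appliance management interface; anything reported as PATCH or UNKNOWN should be scheduled for the fix pack, since the advisory offers no workaround.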

While there are currently no reports of active exploitation, users are advised to patch as soon as possible.
