Security Bulletin: IBM Security Verify Privilege could allow an unauthenticated actor to obtain sensitive information (CVE-2024-31887)
Discription

Summary IBM Security Verify Privilege could allow an unauthenticated actor to obtain sensitive information. The issue has been addressed in an update. Vulnerability Details ** CVEID: CVE-2024-31887 DESCRIPTION: **IBM Security Verify Privilege could allow an unauthenticated actor to obtain sensitive information from the SOAP API. CVSS Base score: 7.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287651 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) Affected Products and Versions Affected Product(s)| Version(s) —|— IBM Security Verify Privilege On-Premises| 11.6.25 Remediation/Fixes IBM encourages customers to update their systems promptly. Upgrade your installation to version 11.6.26 as found here. Workarounds and Mitigations Remember to check your system's audit logs for suspicious activity. Rotate secrets if you suspect or detect signs of suspicious access. For more information, review these documents: https://www.ibm.com/support/pages/node/7148305…Read More

Back to Main

Subscribe for the latest news: