
IBM has released patches for multiple vulnerabilities, ranging from remote code execution to hard-coded credentials and privilege escalation, that could potentially compromise sensitive data and disrupt critical services.
The first vulnerability, tracked as CVE-2024-49803 with a CVSS score of 9.8, is a remote code execution flaw that allows authenticated remote attackers to execute arbitrary commands.
The second set of vulnerabilities, tracked as CVE-2024-49805 and CVE-2024-49806, each with a CVSS score of 9.4, stems from hard-coded credentials in the appliance that could be exploited to gain unauthorized access.
The third vulnerability, tracked as CVE-2024-49804 with a CVSS score of 7.8, is a privilege escalation bug that a locally authenticated attacker could exploit to gain elevated privileges.
IBM Security Verify Access versions 10.0.0 through 10.0.8 IF1 are vulnerable. IBM has released fix pack 10.0.8-ISS-ISVA-FP0002 to address these vulnerabilities. Since there are no workarounds available, organizations utilizing the affected versions are strongly advised to apply the fix pack without delay.



