Lucene search

[email protected]NVD:CVE-2024-31871

HistoryApr 10, 2024 - 4:15 p.m.

CVE-2024-31871

2024-04-1016:15:15

CWE-295

[email protected]

web.nvd.nist.gov

ibm

verify access

appliance

python

script

vulnerability

deployment

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

9.0%

JSON

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306.

References

exchange.xforce.ibmcloud.com/vulnerabilities/287306

www.ibm.com/support/pages/node/7147932

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-31871

cve1 cvelist1 vulnrichment1 ibm1