IbmVULNRICHMENT:CVE-2024-31871CVE-2024-31871 IBM Security Verify Access Appliance improper certificate validation
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306.
CNA Affected
[
{
"vendor": "IBM",
"product": "Security Verify Access Appliance",
"versions": [
{
"status": "affected",
"version": "10.0.0",
"versionType": "semver",
"lessThanOrEqual": "10.0.7"
}
],
"defaultStatus": "unaffected"
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*"
],
"vendor": "ibm",
"product": "security_verify_access",
"versions": [
{
"status": "affected",
"version": "10.0.0",
"versionType": "semver",
"lessThanOrEqual": "10.0.7"
}
],
"defaultStatus": "unaffected"
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total