IBM Security Verify Access Appliance with static password
Among other things, attackers can use malicious code against IBM's access management solution Security Verify Access Appliance. A security update is available.
Attackers can exploit four vulnerabilities in IBM Security Verify Access Appliance. Three of these vulnerabilities are classified as "critical". The developers have closed the gaps in a current version.
Admins use Security Verify Access Appliance to control access to web applications. The applications are also designed to protect against attacks. As a warning message shows, versions 10.0.0 up to and including 10.0.8 IF1 of the access management solution can now themselves become a gateway for attackers. The developers state that they have closed the gaps in version 10.0.8-ISS-ISVA-FP0002.
The dangers
If the security update is not installed, attackers can exploit four vulnerabilities. In two cases (CVE-2024-49805 "critical", CVE-2024-49806 "critical"), attackers can gain unauthorized access by means of hard-coded credentials. The third "critical" vulnerability allows malicious code to enter systems. To do this, attackers must send crafted requests to vulnerable instances.
IBM is currently not explaining in detail how attacks work or how admins can recognize systems that have already been attacked. There are currently no reports of ongoing attacks. However, admins should not wait too long and should install the available security update promptly.
(des)