
IBM has issued a security bulletin addressing two vulnerabilities in its Security Verify Directory Server Container that could allow attackers to gain unauthorized access and execute commands.
The bulletin details two vulnerabilities, CVE-2024-49814 and CVE-2024-51450, affecting IBM Security Verify Directory versions 10.0.0 through 10.0.3.
CVE-2024-49814 is a local privilege escalation vulnerability that could allow an authenticated user to gain elevated privileges and potentially take control of the system. This vulnerability has a CVSS base score of 7.8, indicating a high severity level.
CVE-2024-51450 is a remote command injection vulnerability that could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. This vulnerability has a CVSS base score of 9.1, indicating a critical severity level.
“IBM Security Verify Directory could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request,” the bulletin states.
IBM strongly recommends that customers update to the latest version of the software to remediate these vulnerabilities. The update includes fixes that address the identified security flaws and enhance the overall security of the system.
Organizations using IBM Security Verify Directory are urged to apply the update as soon as possible to protect their systems from potential attacks. It is crucial to prioritize vulnerability management and ensure that security updates are applied promptly to mitigate the risk of exploitation.