CVE-2024-43187: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 contain a security vulnerability where sensitive or security-critical data is transmitted in cleartext, making it susceptible to unauthorized interception. This vulnerability was disclosed on February 4, 2025, and is tracked as CVE-2024-43187 (IBM Security Bulletin).

The vulnerability is characterized by the transmission of sensitive data in cleartext through communication channels that can be monitored by unauthorized actors. It has been assigned a CVSS Base score of 5.9 (Medium) with the vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility with high attack complexity, no privileges required, and potential for high confidentiality impact. The vulnerability is classified under CWE-319: Cleartext Transmission of Sensitive Information (IBM Security Bulletin).

The vulnerability could allow unauthorized actors to intercept and access sensitive or security-critical data transmitted in cleartext. This exposure of sensitive information could potentially be used for further attacks against the system (IBM Security Bulletin).

IBM has released version 10.0.9 of IBM Security Verify Access and version 11.0 of IBM Verify Identity Access to address this vulnerability. Organizations are encouraged to update their systems promptly to these newer versions. No temporary workarounds have been provided (IBM Security Bulletin).