CVE-2024-45658: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 contain a vulnerability that could allow a remote attacker to obtain sensitive information through detailed technical error messages. The vulnerability (CVE-2024-45658) was disclosed on February 4, 2025, and is classified with CWE-209 (Generation of Error Message Containing Sensitive Information). This information exposure vulnerability affects the security of the system by potentially enabling further attacks (IBM Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 2.7 (LOW) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N. This scoring indicates that the vulnerability requires high privileges but can be exploited with low attack complexity and no user interaction. The attack vector is network-based, with potential impacts limited to low-level confidentiality breaches (NVD).

The primary impact of this vulnerability is the potential exposure of sensitive information through detailed technical error messages. While the direct impact is limited to information disclosure, the exposed information could be leveraged by attackers to conduct further attacks against the system. The confidentiality impact is rated as low, with no direct impact on integrity or availability (IBM Advisory).

IBM has released version 10.0.9 of IBM Security Verify Access as a fix for this vulnerability. Organizations are encouraged to update their systems promptly to this version. Alternatively, users can upgrade to IBM Verify Identity Access v11.0. No temporary workarounds or mitigations have been provided (IBM Advisory).