CVE-2024-49805: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

IBM Security Verify Access Appliance versions 10.0.0 through 10.0.8 contains a critical vulnerability involving hard-coded credentials. The vulnerability, identified as CVE-2024-49805, affects credentials used for inbound authentication, outbound communication to external components, and encryption of internal data. This security flaw was disclosed on November 29, 2024, and received a CVSS base score of 9.8, indicating critical severity (IBM Advisory, NVD).

The vulnerability is classified under CWE-798 (Use of Hard-coded Credentials) and received a CVSS v3.1 base score of 9.8 with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The technical assessment indicates that the vulnerability requires no privileges or user interaction to exploit, and can be accessed from the network with low attack complexity (NVD, IBM Advisory).

The presence of hard-coded credentials significantly increases the risk of unauthorized access and data breaches. The vulnerability affects the system's inbound authentication, outbound communication to external components, and encryption of internal data, potentially compromising the entire system's security (Cybersecurity News).

IBM has released a patch version 10.0.8-ISS-ISVA-FP0002 to address this vulnerability. No alternative workarounds are available, and users are strongly advised to apply the provided patch as soon as possible (ASEC, IBM Advisory).