CVE-2024-56343: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

IBM Verify Identity Access Digital Credentials 24.06 contains a vulnerability (CVE-2024-56343) that was disclosed on June 06, 2025. The vulnerability allows an authenticated user to crash the service through a specially crafted POST request. This vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (Medium) (IBM Advisory).

The vulnerability is classified under CWE-771: Missing Reference to Active Allocated Resource. According to the CVSS vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L), the vulnerability has a network-based attack vector (AV:N), with low attack complexity (AC:L), requiring low privileges (PR:L), and no user interaction (UI:N). The scope is unchanged (S:U), with no impact on confidentiality (C:N) or integrity (I:N), but low impact on availability (A:L) (IBM Advisory, Wiz Analysis).

The vulnerability affects the availability of the service, potentially allowing an authenticated attacker to cause a denial of service condition through a specially crafted POST request (IBM Advisory).

IBM strongly recommends updating to the latest version of the software. The updated version can be pulled from IBM Cloud Registry using the command: docker pull icr.io/ivia/ivia-digital-credentials:latest. No alternative workarounds or mitigations have been provided (IBM Advisory).