IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism.
History

Sat, 16 Nov 2024 00:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:soar:*:*:*:*:*:*:*:*

Thu, 14 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
Description IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism.
Title IBM Security SOAR weak password recovery mechanism
First Time appeared Ibm
Ibm soar
Weaknesses CWE-640
CPEs cpe:2.3:a:ibm:soar:51.0.1.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm soar
References
Metrics cvssV3_1

{'score': 5.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-11-14T11:50:02.851Z

Updated: 2024-11-14T14:13:23.637Z

Reserved: 2024-09-03T13:50:43.964Z

Link: CVE-2024-45670

cve-icon Vulnrichment

Updated: 2024-11-14T14:06:01.168Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-14T12:15:18.570

Modified: 2024-11-16T00:24:57.203

Link: CVE-2024-45670

cve-icon Redhat

No data.