CVE-2024-45674

IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files that could be read by a local user.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7183801	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:security_verify_bridge_directory_sync::::::::
	cpe:2.3:a:ibm:security_verify_gateway_for_radius::::::::
	cpe:2.3:a:ibm:security_verify_gateway_for_windows_login::::::::

History

No history.

Information

Published : 2025-02-22 00:15

Updated : 2025-08-18 18:24

NVD link : CVE-2024-45674

Mitre link : CVE-2024-45674

CVE.ORG link : CVE-2024-45674

JSON object : View

Products Affected

ibm

security_verify_gateway_for_windows_login
security_verify_bridge_directory_sync
security_verify_gateway_for_radius

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2024-45674", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2025-02-22T00:15:18.410", "references": [{"url": "https://www.ibm.com/support/pages/node/7183801", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 \n\nstores potentially sensitive information in log files that could be read by a local user."}, {"lang": "es", "value": "IBM Security Verify Bridge Directory Sync 1.0.1 a 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 a 1.0.10 e IBM Security Verify Gateway for Radius 1.0.1 a 1.0.11 almacenan informaci\u00f3n potencialmente confidencial en archivos de registro que un usuario local podr\u00eda leer."}], "lastModified": "2025-08-18T18:24:53.710", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_verify_bridge_directory_sync:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAEA73DA-1018-43D9-B4A2-3C971286ACF3", "versionEndIncluding": "1.0.12", "versionStartIncluding": "1.0.1"}, {"criteria": "cpe:2.3:a:ibm:security_verify_gateway_for_radius:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C104C5D2-1CD7-4005-9064-43F296809673", "versionEndIncluding": "1.0.11", "versionStartIncluding": "1.0.1"}, {"criteria": "cpe:2.3:a:ibm:security_verify_gateway_for_windows_login:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "901B7BA0-7493-403D-B0F2-57B1D1E340DE", "versionEndIncluding": "1.0.10", "versionStartIncluding": "1.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}