CVE-2024-45657: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 contain a vulnerability that could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment. The vulnerability, identified as CVE-2024-45657, was discovered and disclosed on February 4, 2025 (IBM Advisory).

The vulnerability is classified as CWE-732 (Incorrect Permission Assignment for Critical Resource). According to the CVSS v3.1 scoring system, it has received a base score of 5.0 (MEDIUM) with the following vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L. This indicates that the vulnerability requires local access, high attack complexity, and high privileges to exploit, with low impacts on confidentiality, integrity, and availability in a changed scope scenario (IBM Advisory).

If exploited, this vulnerability allows a local privileged user to perform unauthorized actions within the system. The impact is considered moderate, with low potential for compromise of system confidentiality, integrity, and availability (IBM Advisory).

IBM has released version 10.0.9 of IBM Security Verify Access and version 11.0 of IBM Verify Identity Access as fixes for this vulnerability. Users are encouraged to update their systems promptly to these newer versions. No temporary workarounds or mitigations have been provided (IBM Advisory).