CVE-2024-45659: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 contain a security vulnerability that could allow remote attackers to obtain sensitive information through detailed technical error messages. The vulnerability (CVE-2024-45659) was disclosed on February 4, 2025, and has been assigned a CVSS base score of 5.3 (Medium) (IBM Security Bulletin).

The vulnerability is classified as CWE-209: Generation of Error Message Containing Sensitive Information. It has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network accessibility, low attack complexity, no privileges required, and no user interaction needed. The vulnerability affects the error handling mechanism of the application, potentially exposing sensitive technical information (IBM Security Bulletin).

When exploited, this vulnerability allows remote attackers to obtain sensitive information through detailed technical error messages. The exposed information could potentially be leveraged for further attacks against the system. The impact is primarily limited to confidentiality, with no direct effect on integrity or availability (IBM Security Bulletin).

IBM has released version 10.0.9 of IBM Security Verify Access and version 11.0 of IBM Verify Identity Access to address this vulnerability. IBM strongly encourages customers to update their systems promptly to these newer versions. No temporary workarounds or mitigations have been provided (IBM Security Bulletin).