IBM Product Security Update Advisory

Overview

An update has been released to address vulnerabilities in IBM products. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-49803, CVE-2024-49804, CVE-2024-49805, CVE-2024-49806

  • IBM Security Verify Access versions: 10.0.0 through 10.0.8 IF1 (both inclusive)

Resolved Vulnerabilities

Vulnerability that could allow remote authenticated attackers to execute arbitrary commands on the system by sending a specially crafted request (CVE-2024-49803)

Vulnerability that could allow a locally authenticated non-administrator user to perform certain actions with unnecessary privileges, resulting in privilege escalation (CVE-2024-49804)

Vulnerability in which the product contains hardcoded credentials that it uses for its own authentication, communication with external components, and internal data encryption (CVE-2024-49805, CVE-2024-49806)

Vulnerability Patches

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the Referenced Sites to update to the latest patched version.

CVE-2024-49803, CVE-2024-49804, CVE-2024-49805, CVE-2024-49806

  • IBM Security Verify Access version: 10.0.8-ISS-ISVA-FP0002

Referenced Sites

[1] Security Bulletin: Multiple Security Vulnerabilities were found in IBM Security Verify Access Appliance. (CVE-2024-49803, CVE-2024-49804, CVE-2024-49805, CVE-2024-49806)

https://www.ibm.com/support/pages/node/7177447