PT-2024-31722 · IBM · IBM Security SOAR

Mat4Mee · Published 2024-11-14 · Updated 2024-11-19 · CVE-2024-45670

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: IBM Security SOAR versions 51.0.1.0 and earlier
Description: The issue concerns a weak password recovery mechanism that allows users to recover or change their passwords without knowing the original password. However, the user account must be compromised prior to exploiting this weak recovery mechanism. This could potentially lead to weak passwords and unauthorized access.
Recommendations: For IBM Security SOAR versions 51.0.1.0 and earlier, upgrade the affected component immediately to address the weak password recovery mechanism. As a temporary workaround, consider restricting access to the password recovery feature until a patch is available.

Related Identifiers

CVE-2024-45670

Affected Products

IBM Security SOAR