PT-2025-7418 · Ibm · Ibm Security Verify Gateway For Radius+2
Published
2025-02-21
·
Updated
2025-02-22
·
CVE-2024-45674
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Security Verify Bridge Directory Sync versions 1.0.1 through 1.0.12
IBM Security Verify Gateway for Windows Login versions 1.0.1 through 1.0.10
IBM Security Verify Gateway for Radius versions 1.0.1 through 1.0.11
Description
The issue concerns the storage of potentially sensitive information in log files, which could be accessed by a local user.
Recommendations
For IBM Security Verify Bridge Directory Sync versions 1.0.1 through 1.0.12, restrict access to log files to minimize the risk of sensitive information disclosure.
For IBM Security Verify Gateway for Windows Login versions 1.0.1 through 1.0.10, consider implementing access controls to log files until a fix is available.
For IBM Security Verify Gateway for Radius versions 1.0.1 through 1.0.11, limit local user privileges to reduce the potential for log file access.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Security Verify Bridge Directory Sync
Ibm Security Verify Gateway For Radius
Ibm Security Verify Gateway For Windows Login