CVE-2024-40700

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 4, 2025

CWE ID 79

Summary

CVE-2024-40700 is a newly disclosed cross-site scripting (XSS) vulnerability affecting IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8. An attacker can exploit this issue by injecting malicious JavaScript code into the appliance's Web UI. Successful exploitation could alter the intended functionality of the application and potentially result in credentials disclosure, putting sensitive information at risk within a trusted session. IBM urges users to apply the available patch as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/w5cUok
https://www.cve.org/CVERecord?id=CVE-2024-40700
https://nvd.nist.gov/vuln/detail/CVE-2024-40700

Back to Vulnerability Database

CVE-2024-40700

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations