vulners.com Open in urlscan Pro
104.22.52.212  Public Scan

Form analysis
0 forms found in the DOM

Text Content

Lucene search
 * Basic search
 * Lucene search
 * Search by product

--------------------------------------------------------------------------------


Subscribe

CTRLK
Start 30-day trial
Database
Vendors

Products

Years

CVSS

Scanner
Agent Scanning

API Scanning

Manual Audit

Perimeter Scanner
Scanning

Projects

Email

Webhook

Plugins

Resources
Documents

Blog

Glossary

FAQ

Pricing

Contacts
About Us

Partners

Branding Guideline

SIGN IN
IBM96623BCE3C2C61942DE8BB9DAE5D8B5A8F3543F728F424D568A676F15449D571
HistoryOct 08, 2024 - 8:56 a.m.

--------------------------------------------------------------------------------

 1. Vulners
 2. /
 3. Ibm
 4. /
 5. Security Bulletin: IBM Security SOAR password recovery is vulnerable
    (CVE-2024-45670)


SECURITY BULLETIN: IBM SECURITY SOAR PASSWORD RECOVERY IS VULNERABLE
(CVE-2024-45670)

2024-10-0808:56:49
www.ibm.com
14
ibm security soar
password recovery
vulnerability
update
version 51.0.2.0
cve-2024-45670

AI Score


6.9

Confidence

Low

JSON


SUMMARY

The password reset function in IBM Security QRadar SOAR had vulnerabilities that
could allow hackers to exploit and take over user privileges. An update has been
released which addresses these issues. It is recommended upgrading to Version
51.0.2.0 or later of IBM Security SOAR.


VULNERABILITY DETAILS

**CVEID:**CVE-2024-45670 DESCRIPTION: IBM Security SOAR contains a mechanism for
users to recover or change their passwords without knowing the original
password, but the user account must be compromised prior to the weak recovery
mechanism.
CVSS Base score: 5.6
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/359919 for the current
score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)


AFFECTED PRODUCTS AND VERSIONS

Affected Product(s) Version(s) IBM Security SOAR 51.0.1.0 and earlier


REMEDIATION/FIXES

IBM encourages customers to update their systems promptly.

Users must upgrade to v51.0.2.0 or higher of IBM SOAR in order to obtain a fix
for this vulnerability.

You can upgrade the platform and apply the security updates by following the
instructions in the “Upgrade Procedure” section in the IBM Documentation


WORKAROUNDS AND MITIGATIONS

None





AFFECTED CONFIGURATIONS

Vulners
Node
ibmsoarRange≤51.0.1.0
Vulners CPE

VendorProductVersionCPEibmsoar*cpe:2.3:a:ibm:soar:*:*:*:*:*:*:*:*

Solutions

 * Vulnerabilities intelligence
 * Perimeter control tool
 * Linux scanner
 * Windows scanner
 * Developers SDK
 * Security Intelligence feeds

Database

 * Vulnerabilities
 * Exploits
 * Security News
 * BugBounty
 * Wild Exploited
 * Top Vulnerabilities
 * CVE Feed

Resources

 * Statics & Sources
 * Plugins
 * API docs
 * FAQ
 * Blog
 * Glossary

Company

 * About
 * Contacts
 * Pricing
 * EULA
 * Privacy Policy
 * Submission Policy
 * OpenSource

@2024 Vulners Inc



AI Score


6.9

Confidence

Low

JSON