What is the severity of CVE-2024-35133?

The severity of CVE-2024-35133 is considered to be high due to its potential to enable phishing attacks through an open redirect.

How do I fix CVE-2024-35133?

To fix CVE-2024-35133, it is recommended to upgrade IBM Security Verify Access to version 10.0.9 or higher.

Who is affected by CVE-2024-35133?

CVE-2024-35133 affects users of IBM Security Verify Access versions 10.0.0 through 10.0.8 and its Docker counterpart.

What type of attack does CVE-2024-35133 enable?

CVE-2024-35133 enables remote authenticated attackers to conduct phishing attacks using open redirect techniques.

What products are impacted by CVE-2024-35133?

The impacted products for CVE-2024-35133 include IBM Security Verify Access and IBM Security Verify Access Docker from versions 10.0.0 to 10.0.8.

Vulnerability/
CVE-2024-35133

high

8.2

CWE

601

27/8/2024

29/8/2024

21/9/2024

CVE-2024-35133: IBM Security Verify Access HTTP open redirect

First published: Tue Aug 27 2024(Updated: )

IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Security Verify Access OIDC Provider	<=10.0.0 - 10.0.8
IBM Security Verify Access	<=10.0.0 - 10.0.8
IBM Security Verify Access OIDC Provider	>=10.0.0<=10.0.8
IBM Security Verify Access	>=10.0.0<=10.0.8

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7166712

Frequently Asked Questions

What is the severity of CVE-2024-35133?
The severity of CVE-2024-35133 is considered to be high due to its potential to enable phishing attacks through an open redirect.
How do I fix CVE-2024-35133?
To fix CVE-2024-35133, it is recommended to upgrade IBM Security Verify Access to version 10.0.9 or higher.
Who is affected by CVE-2024-35133?
CVE-2024-35133 affects users of IBM Security Verify Access versions 10.0.0 through 10.0.8 and its Docker counterpart.
What type of attack does CVE-2024-35133 enable?
CVE-2024-35133 enables remote authenticated attackers to conduct phishing attacks using open redirect techniques.
What products are impacted by CVE-2024-35133?
The impacted products for CVE-2024-35133 include IBM Security Verify Access and IBM Security Verify Access Docker from versions 10.0.0 to 10.0.8.

agent/weakness
agent/title
agent/references
agent/type
agent/first-publish-date
agent/author
agent/event
agent/severity
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/description
agent/trending
agent/source
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
vendor/ibm
canonical/ibm security verify access oidc provider
version/ibm security verify access oidc provider/10.0.0 - 10.0.8
canonical/ibm security verify access
version/ibm security verify access/10.0.0 - 10.0.8
version/ibm security verify access oidc provider/10.0.0
version/ibm security verify access oidc provider/10.0.8
version/ibm security verify access/10.0.0
version/ibm security verify access/10.0.8

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.