Primary

Context

IBM Verify Identity Access Digital Credentials Information Disclosure Vulnerability

Vulnerability

An information disclosure vulnerability has been identified in IBM Verify Identity Access Digital Credentials version 24.06. This vulnerability allows remote attackers to obtain sensitive information from detailed technical error messages returned in the browser. The extracted information could be leveraged for further attacks against the system.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, which could be used to facilitate additional attacks on the system.

Remediation

Users are advised to update to the latest version of IBM Verify Identity Access Digital Credentials. The latest version can be downloaded from the IBM Cloud Registry using the command 'docker pull icr.io/ivia/ivia-digital-credentials:latest'.

Added: Jun 6, 2025, 2:18 AM

Updated: Jun 6, 2025, 2:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.1

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.1

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM Verify Identity Access Digital Credentials Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating