What is CVE-2024-35133?

CVE-2024-35133 is a medium-severity vulnerability in Ibm Security Verify Access, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 6.8/10. Published 2024-08-29.

How severe is CVE-2024-35133?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Is CVE-2024-35133 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Open Redirect in Ibm Security Verify Access

CVE-2024-35133

IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote a…

Vulnerability class: Open Redirect

EPSS: 0.022 (84.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N.

Affected products

Ibm Security Verify Access — versions 10.0.0
Ibm Security Verify Access Docker — versions 10.0.0

Weakness classification (CWE)

CWE-601 — URL Redirection to Untrusted Site (Open Redirect)

Public proof-of-concept exploits

References

www.ibm.com/support/pages/node/7166712 (vendor-advisory)
exchange.xforce.ibmcloud.com/vulnerabilities/291026 (vdb-entry)

Frequently asked questions

What is CVE-2024-35133?: CVE-2024-35133 is a medium-severity vulnerability in Ibm Security Verify Access, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 6.8/10. Published 2024-08-29.
How severe is CVE-2024-35133?: Medium severity. CVSS v3 base score is 6.8 out of 10.
Is CVE-2024-35133 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.