Cyber Resilience

CVE-2024-43187

Medium

Published: 04 February 2025

Published
04 February 2025
Modified
15 December 2025
KEV Added
Patch
CVSS Score v3.1 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0003 10.9th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-43187 is a medium-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Ibm Security Verify Access. Its CVSS base score is 5.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 10.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-8 (Transmission Confidentiality and Integrity) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-43187 is a vulnerability in IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 that results in the transmission of sensitive or security-critical data in cleartext over a communication channel susceptible to sniffing by unauthorized actors. This issue is classified under CWE-319 (Cleartext Transmission of Sensitive Information) and carries a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating medium severity primarily due to high confidentiality impact.

The vulnerability can be exploited by unauthorized actors with network access who lack privileges and require no user interaction, though exploitation demands high attack complexity, such as positioning to intercept traffic. Successful attacks enable sniffing and capture of sensitive data in transit, compromising confidentiality without affecting integrity or availability.

IBM's security advisory at https://www.ibm.com/support/pages/node/7182386 provides details on remediation and mitigation steps for this vulnerability.

EU & UK References

Vulnerability details

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1040 Network Sniffing Credential Access
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.
Why these techniques?

Vulnerability enables passive network sniffing of cleartext sensitive data in transit (CWE-319).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-45647Same product: Ibm Security Verify Access
CVE-2025-13718Same vendor: Ibm
CVE-2025-0161Same product: Ibm Security Verify Access
CVE-2024-49814Same product: Ibm Security Verify Access
CVE-2026-23661Shared CWE-319
CVE-2025-70048Shared CWE-319
CVE-2024-42181Shared CWE-319
CVE-2024-31896Same vendor: Ibm
CVE-2025-0556Shared CWE-319
CVE-2024-36558Shared CWE-319

Affected Assets

ibm
security verify access
10.0.0.0 — 10.0.9.0
ibm
security verify access docker
10.0.0.0 — 10.0.9.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SC-8 mandates cryptographic protection for the confidentiality and integrity of transmitted information, directly preventing sniffing of sensitive data in cleartext as in this CVE.

prevent

SI-2 requires identification, reporting, and correction of flaws like CVE-2024-43187, enabling patching to eliminate cleartext transmission per IBM's advisory.

prevent

SC-13 enforces cryptographic standards and modules that support secure transmission protections, mitigating cleartext vulnerabilities when applied to communications.

References