Cyber Posture

CVE-2024-45650

High

Published: 31 January 2025

Modified: 08 August 2025
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0018 (38.7th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-45650 is a high-severity Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability in IBM Security Verify Directory. Its CVSS base score is 7.5 (High).

Operationally, it ranks at the 38.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-11 (Error Handling).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: Flaw remediation directly addresses the vulnerability by applying IBM patches to fix improper handling of LDAP extended operations causing DoS.

Prevent: Denial-of-service protection implements mechanisms like rate limiting and traffic shaping to block exploitation of the LDAP extended operation DoS.

Prevent: Error handling ensures exceptional conditions during LDAP extended operation processing do not compromise system availability.

NVD Description

IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a denial of service when sending an LDAP extended operation.

Deeper analysis

CVE-2024-45650 is a denial-of-service vulnerability in IBM Security Verify Directory versions 10.0 through 10.0.3. The issue arises when the software processes an LDAP extended operation, leading to improper handling of exceptional conditions as classified under CWE-754. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to availability impact.

An unauthenticated attacker with network access to the affected system can exploit this vulnerability remotely with low attack complexity and no user interaction required. Successful exploitation causes a denial of service, disrupting service availability without impacting confidentiality or integrity.

The IBM security advisory provides details on mitigation and patching; refer to https://www.ibm.com/support/pages/node/7182169 for specific guidance.

Details

CWE(s)

Affected Products

IBM Security Verify Directory, versions 10.0.0 to 10.0.3

CVEs Like This One

CVE-2024-51450 (same product: IBM Security Verify Directory)
CVE-2024-56340 (same vendor: IBM)
CVE-2024-43187 (same vendor: IBM)
CVE-2025-0162 (same vendor: IBM)
CVE-2024-28766 (same vendor: IBM)
CVE-2025-14480 (same vendor: IBM)
CVE-2024-25034 (same vendor: IBM)
CVE-2024-39750 (same vendor: IBM)
CVE-2024-49352 (same vendor: IBM)
CVE-2025-3320 (same vendor: IBM)