CVE-2024-51450
Published: 06 February 2025
Summary
CVE-2024-51450 is a critical-severity OS Command Injection (CWE-78) vulnerability in Ibm Security Verify Directory. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 30.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CVE-2024-51450 by requiring identification, reporting, and patching of the command injection flaw in IBM Security Verify Directory.
Prevents exploitation of the command injection vulnerability by validating specially crafted requests for correctness and appropriateness before processing.
Blocks arbitrary command execution by restricting information inputs to only organization-defined safe and expected values.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection in a network-accessible directory service directly enables remote exploitation of a public-facing app (T1190) and arbitrary command execution via the OS shell (T1059).
NVD Description
IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
Deeper analysisAI
CVE-2024-51450 is a command injection vulnerability (CWE-78) affecting IBM Security Verify Directory versions 10.0.0 through 10.0.3. It enables a remote authenticated attacker to execute arbitrary commands on the underlying system by sending a specially crafted request. The vulnerability has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, high privileges required, changed scope, and high impact across confidentiality, integrity, and availability.
An attacker with high-level authenticated access, such as an administrative user, can exploit this vulnerability remotely over the network without user interaction. By crafting a malicious request targeting the affected component, the attacker achieves arbitrary command execution on the server, potentially leading to full system compromise, data exfiltration, persistence, or lateral movement within the environment.
IBM has published a security advisory detailing the issue and mitigation steps at https://www.ibm.com/support/pages/node/7182558, which security practitioners should consult for patch availability and remediation guidance specific to the affected versions.
Details
- CWE(s)