June 30, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
North Korean Cybercriminals Use Chrome Zero-Day Exploit to Install FudModule Rootkit – Active IOCs
September 2, 2024Multiple Dell Products Vulnerabilities
September 2, 2024North Korean Cybercriminals Use Chrome Zero-Day Exploit to Install FudModule Rootkit – Active IOCs
September 2, 2024Multiple Dell Products Vulnerabilities
September 2, 2024
Severity
Medium
Analysis Summary
CVE-2024-35118 CVSS:4.6
IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device.
CVE-2024-35133 CVSS:6.8
IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
CVE-2024-39747 CVSS:8.1
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
Impact
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-39747
- CVE-2024-35133
- CVE-2024-35118
Affected Vendors
IBM
Affected Products
- IBM Security Verify Access 10.0.0
- IBM Security Verify Access Docker 10.0.0.0
- IBM Sterling Connect:Direct Web Services 6.0
- IBM Sterling Connect:Direct Web Services 6.1
- IBM Sterling Connect:Direct Web Services 6.2
- IBM Sterling Connect:Direct Web Services 6.3
- IBM MaaS360 6.31
- IBM MaaS360 8.60
- IBM Security Verify Access 10.0.8
- IBM Security Verify Access Docker 10.0.8
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.