CVE-2024-45675: CWE-309 Use of Password System for Primary Authentication in IBM Informix Dynamic Server
IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.
AI Analysis
Technical Summary
CVE-2024-45675 identifies a critical authentication bypass vulnerability in IBM Informix Dynamic Server version 14.10. The vulnerability arises from the improper implementation of the password system used for primary authentication, categorized under CWE-309 (Use of Password System for Primary Authentication). Specifically, a local attacker with access to the host system can log into the Informix server as an administrator without needing to provide any password credentials. This bypass occurs because the authentication mechanism fails to enforce password verification properly, allowing privilege escalation to administrative levels. The vulnerability requires local access but does not require any prior privileges or user interaction, making it easier for an attacker who has gained local system access to fully compromise the database server. The impact includes complete loss of confidentiality, integrity, and availability of data managed by the Informix server, as the attacker gains administrative control. The CVSS v3.1 base score is 8.4, reflecting high severity due to the ease of exploitation and the critical impact on system security. No patches or fixes have been published yet, and no known exploits have been reported in the wild. Organizations running IBM Informix Dynamic Server 14.10 should consider this vulnerability a critical risk and take immediate steps to mitigate exposure until a vendor patch is available.
Potential Impact
This vulnerability poses a significant threat to European organizations, especially those relying on IBM Informix Dynamic Server 14.10 for critical business applications and data management. Unauthorized administrative access could lead to data breaches involving sensitive personal or corporate data, violating GDPR and other data protection regulations. Attackers could manipulate or delete data, disrupt database availability, or use the compromised server as a foothold for further network intrusion. The local access requirement limits remote exploitation but does not eliminate risk, as insider threats or attackers who gain initial system access through other means can leverage this vulnerability. The impact is particularly severe for sectors such as finance, healthcare, government, and critical infrastructure, where database integrity and availability are paramount. The lack of a patch increases the urgency for interim controls to prevent exploitation and detect suspicious activity.
Mitigation Recommendations
Immediate mitigation steps include restricting local system access to trusted personnel only and enforcing strict access controls on servers running Informix Dynamic Server 14.10. Organizations should implement robust host-based monitoring and logging to detect unauthorized login attempts or privilege escalations. Network segmentation can limit lateral movement if an attacker gains local access. Until IBM releases an official patch, consider disabling or restricting Informix server access on vulnerable hosts where feasible. Regularly audit user accounts and permissions on affected systems to ensure no unauthorized changes occur. Engage with IBM support for updates on patch availability and apply vendor fixes promptly once released. Additionally, conduct security awareness training to reduce insider threat risks and ensure rapid incident response capabilities are in place.
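One way to carry out the account audit recommended above, as an added example (not part of the original advisory and not IBM tooling): it reports which local accounts can obtain an interactive session and which belong to the database administration group, compared against approved lists. The group name `informix`, the approved-account sets and the sample passwd/group contents are assumptions constructed for illustration.

```python
# Shells that refuse an interactive session. An empty shell field is NOT
# listed: passwd(5) treats it as /bin/sh, so that account can log in.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

# Constructed sample data, not taken from any real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
informix:x:1001:1001:Informix owner:/opt/informix:/bin/bash
alice:x:1002:1002:DBA:/home/alice:/bin/bash
builduser:x:1003:1003:CI agent:/home/builduser:/bin/sh
backup:x:1004:1004:backup job:/var/backup:/bin/false
legacy:x:1005:1005:old app:/home/legacy:
"""
SAMPLE_GROUP = """\
root:x:0:
informix:x:1001:alice,builduser
users:x:100:alice,builduser
"""


def records(text, min_fields):
    """Yield colon-separated records, skipping blanks, comments and short lines."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            fields = line.split(":")
            if len(fields) >= min_fields:
                yield fields


def audit(passwd_text, group_text, approved_logins, approved_admins,
          admin_group="informix"):  # group name is an assumption; adjust per site
    """Report accounts that can log in locally or sit in the admin group unapproved."""
    accounts = {f[0]: (f[3], f[6].strip()) for f in records(passwd_text, 7)}
    groups = {f[0]: (f[2], [m for m in f[3].strip().split(",") if m])
              for f in records(group_text, 4)}
    interactive = sorted(n for n, (_, sh) in accounts.items()
                         if sh not in NOLOGIN_SHELLS)
    gid, members = groups.get(admin_group, (None, []))
    # Admin-group membership comes from the primary GID as well as the member list.
    admins = sorted({n for n, (g, _) in accounts.items() if g == gid} | set(members))
    return {
        "unapproved_logins": [n for n in interactive if n not in approved_logins],
        "unapproved_admins": [n for n in admins if n not in approved_admins],
        "admin_group_members": admins,
    }
```

On a real host, pass the contents of `/etc/passwd` and `/etc/group` in place of the sample strings; accounts resolved through a directory service are not covered by these files.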
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: ibm
- Date Reserved: 2024-09-03T13:50:43.964Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 692e50a4f2f793a7de7cda09
Added to database: 12/2/2025, 2:36:20 AM
Last enriched: 12/9/2025, 4:25:42 AM
Last updated: 1/18/2026, 1:27:35 AM