CVE-2024-47120 is a vulnerability classified under CWE-250, which involves execution with unnecessary privileges. It affects IBM Security Verify Information Queue versions 10.0.5, 10.0.6, 10.0.7, and 10.0.8. The root cause is that the containers running this software operate with elevated privileges beyond what is necessary for their function. This misconfiguration allows a user who already has privileged access within the container environment to escalate their privileges further, potentially gaining broader access to the host system. The vulnerability does not require user interaction but does require the attacker to have high privileges initially, which limits the attack vector to insiders or compromised privileged accounts. The CVSS v3.1 base score is 6.4, reflecting medium severity, with high impact on confidentiality, integrity, and availability if exploited. The attack vector is adjacent network (AV:A), attack complexity is high (AC:H), privileges required are high (PR:H), and no user interaction is needed (UI:N). The vulnerability scope is unchanged (S:U), meaning the impact is limited to the same security scope. No public exploits have been reported yet, but the vulnerability increases the risk profile of affected deployments by expanding the attack surface via container privilege mismanagement.

If exploited, this vulnerability could allow a privileged user to escalate their privileges beyond intended limits, potentially compromising the host system that runs the IBM Security Verify Information Queue containers. This could lead to unauthorized access to sensitive data, modification or deletion of critical information, and disruption of services. The increased attack surface also raises the risk of lateral movement within the network and persistence by attackers. Organizations relying on this product for identity and access management may face significant operational and reputational damage if the vulnerability is exploited. Although exploitation requires existing high privileges, the risk remains significant in environments where privileged accounts are shared, compromised, or insufficiently monitored.

Organizations should immediately review and minimize container privileges for IBM Security Verify Information Queue deployments, ensuring containers run with the least privileges necessary. Applying any vendor patches or updates as they become available is critical. In the absence of patches, implement container security best practices such as using user namespaces, dropping unnecessary Linux capabilities, and employing container runtime security tools to monitor and restrict privilege escalation attempts. Regularly audit privileged accounts and monitor for unusual activity within container environments. Network segmentation and strict access controls should be enforced to limit exposure of the affected containers. Additionally, consider deploying runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions to detect and respond to suspicious privilege escalation behaviors.