IBM Security Verify Access Container vulnerabilities

16 known vulnerabilities affecting ibm/security_verify_access_container.

Total CVEs: 16
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 5, MEDIUM 9

Vulnerabilities

CVE-2026-1342 | HIGH | CVSS 7.9 | ≥ 10.0.0.0, ≤ 10.0.9.1 | ≥ 10.0, ≤ 10.0.9.1 | 2026-04-08
CVE-2026-1342 [HIGH] CWE-829: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.
Sources: cvelistv5, nvd
CVE-2026-1346 | HIGH | CVSS 7.8 | ≥ 10.0.0.0, ≤ 10.0.9.1 | ≥ 10.0, ≤ 10.0.9.1 | 2026-04-08
CVE-2026-1346 [CRITICAL] CWE-250: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate their privileges to root due to execution with unnecessary privileges than
Sources: cvelistv5, nvd
CVE-2026-1343 | HIGH | CVSS 7.2 | ≥ 10.0.0.0, ≤ 10.0.9.1 | ≥ 10.0, ≤ 10.0.9.1 | 2026-04-08
CVE-2026-1343 [HIGH] CWE-918: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are protected by the Reverse Proxy.
Sources: cvelistv5, nvd
CVE-2026-4101 | CRITICAL | CVSS 9.8 | ≥ 10.0.0.0, ≤ 10.0.9.1 | ≥ 10.0, ≤ 10.0.9.1 | 2026-04-01
CVE-2026-4101 [HIGH] CWE-287: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 under certain load conditions could allow an attacker to bypass authentication mechanisms and gain unauthorized access to the appli
Sources: cvelistv5, nvd
CVE-2026-1345 | HIGH | CVSS 7.3 | ≥ 10.0.0.0, ≤ 10.0.9.1 | ≥ 10.0, ≤ 10.0.9.1 | 2026-04-01
CVE-2026-1345 [HIGH] CWE-78: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lower user privileges on the system due to improper validation
Sources: cvelistv5, nvd
CVE-2026-2862 | MEDIUM | CVSS 5.3 | ≥ 10.0.0.0, ≤ 10.0.9.1 | ≥ 10.0, ≤ 10.0.9.1 | 2026-04-01
CVE-2026-2862 [MEDIUM] CWE-444: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTT
Sources: cvelistv5, nvd
CVE-2026-1491 | MEDIUM | CVSS 5.3 | ≥ 10.0.0.0, ≤ 10.0.9.1 | ≥ 10.0, ≤ 10.0.9.1 | 2026-04-01
CVE-2026-1491 [MEDIUM] CWE-444: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTT
Sources: cvelistv5, nvd
CVE-2026-2475 | MEDIUM | CVSS 4.7 | ≥ 10.0.0.0, ≤ 10.0.9.1 | ≥ 10.0, ≤ 10.0.9.1 | 2026-04-01
CVE-2026-2475 [LOW] CWE-601: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this
Sources: cvelistv5, nvd
CVE-2026-4364 | MEDIUM | CVSS 5.4 | ≥ 10.0.0.0, ≤ 10.0.9.1 | ≥ 10.0, ≤ 10.0.9.1 | 2026-04-01
CVE-2026-4364 [MEDIUM] CWE-79: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows certificate listings retrieved via a browser session to return a JSON payload while incorrectly specifying the response Con
Sources: cvelistv5, nvd
CVE-2024-43187 | HIGH | CVSS 7.5 | ≥ 10.0.0, ≤ 10.0.8 | 2025-02-04
CVE-2024-43187 [MEDIUM] CWE-319: IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Sources: cvelistv5, nvd
CVE-2024-45657 | MEDIUM | CVSS 6.7 | ≥ 10.0.0, ≤ 10.0.8 | 2025-02-04
CVE-2024-45657 [MEDIUM] CWE-732: IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
Sources: cvelistv5, nvd
CVE-2024-35138 | MEDIUM | CVSS 6.5 | ≥ 10.0.0, ≤ 10.0.8 | 2025-02-04
CVE-2024-35138 [MEDIUM] CWE-352: IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Sources: cvelistv5, nvd
CVE-2024-45659 | MEDIUM | CVSS 5.3 | ≥ 10.0.0, ≤ 10.0.8 | 2025-02-04
CVE-2024-45659 [MEDIUM] CWE-209: IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
Sources: cvelistv5, nvd
CVE-2024-45658 | MEDIUM | CVSS 5.3 | ≥ 10.0.0, ≤ 10.0.8 | 2025-02-04
CVE-2024-45658 [LOW] CWE-209: IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
Sources: cvelistv5, nvd
CVE-2024-40700 | MEDIUM | CVSS 6.1 | ≥ 10.0.0, ≤ 10.0.8 | 2025-02-04
CVE-2024-40700 [MEDIUM] CWE-79: IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Sources: cvelistv5, nvd
CVE-2024-28787 | CRITICAL | CVSS 10.0 | ≥ 10.0.0, ≤ 10.0.7 | 2024-04-04
CVE-2024-28787 [HIGH] CWE-650: IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584.
Sources: cvelistv5, nvd