IBM Verify Identity Access vulnerabilities

13 known vulnerabilities affecting ibm/verify_identity_access.

Total CVEs: 13
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 6, MEDIUM 4

Vulnerabilities

CVE-2026-1342 | HIGH | CVSS 7.9 | ≥ 11.0.0.0, ≤ 11.0.2.0 | ≥ 11.0, ≤ 11.0.2 | 2026-04-08
CVE-2026-1342 [HIGH] CWE-829: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.
cvelistv5, nvd
CVE-2026-1346 | HIGH | CVSS 7.8 | ≥ 11.0.0.0, ≤ 11.0.2.0 | ≥ 11.0, ≤ 11.0.2 | 2026-04-08
CVE-2026-1346 [CRITICAL] CWE-250: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate their privileges to root due to execution with unnecessary privileges than
cvelistv5, nvd
CVE-2026-1343 | HIGH | CVSS 7.2 | ≥ 11.0.0.0, ≤ 11.0.2.0 | ≥ 11.0, ≤ 11.0.2 | 2026-04-08
CVE-2026-1343 [HIGH] CWE-918: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are protected by the Reverse Proxy.
cvelistv5, nvd
CVE-2026-4101 | CRITICAL | CVSS 9.8 | ≥ 11.0.0.0, ≤ 11.0.2.0 | ≥ 11.0, ≤ 11.0.2 | 2026-04-01
CVE-2026-4101 [HIGH] CWE-287: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 under certain load conditions could allow an attacker to bypass authentication mechanisms and gain unauthorized access to the appli
cvelistv5, nvd
CVE-2026-1345 | HIGH | CVSS 7.3 | ≥ 11.0.0.0, ≤ 11.0.2.0 | ≥ 11.0, ≤ 11.0.2 | 2026-04-01
CVE-2026-1345 [HIGH] CWE-78: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lower user privileges on the system due to improper validation
cvelistv5, nvd
CVE-2026-2862 | MEDIUM | CVSS 5.3 | ≥ 11.0.0.0, ≤ 11.0.2.0 | ≥ 11.0, ≤ 11.0.2 | 2026-04-01
CVE-2026-2862 [MEDIUM] CWE-444: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTT
cvelistv5, nvd
CVE-2026-1491 | MEDIUM | CVSS 5.3 | ≥ 11.0.0.0, ≤ 11.0.2.0 | ≥ 11.0, ≤ 11.0.2 | 2026-04-01
CVE-2026-1491 [MEDIUM] CWE-444: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTT
cvelistv5, nvd
CVE-2026-2475 | MEDIUM | CVSS 4.7 | ≥ 11.0.0.0, ≤ 11.0.2.0 | ≥ 11.0, ≤ 11.0.2 | 2026-04-01
CVE-2026-2475 [LOW] CWE-601: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this
cvelistv5, nvd
CVE-2026-4364 | MEDIUM | CVSS 5.4 | ≥ 11.0.0.0, ≤ 11.0.2.0 | ≥ 11.0, ≤ 11.0.2 | 2026-04-01
CVE-2026-4364 [MEDIUM] CWE-79: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows certificate listings retrieved via a browser session to return a JSON payload while incorrectly specifying the response Con
cvelistv5, nvd
CVE-2025-36087 | CRITICAL | CVSS 9.8 | v11.0.0 | 2025-10-13
CVE-2025-36087 [HIGH] CWE-798: IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of inter
nvd
CVE-2025-36356 | CRITICAL | CVSS 9.3 | ≥ 11.0.0.0, < 11.0.1.0 | v11.0.1.0 | 2025-10-06
CVE-2025-36356 [CRITICAL] CWE-250: IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required.
nvd
CVE-2025-36354 | HIGH | CVSS 7.3 | ≥ 11.0.0.0, < 11.0.1.0 | v11.0.1.0 | 2025-10-06
CVE-2025-36354 [HIGH] CWE-78: IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input.
nvd
CVE-2025-36355 | HIGH | CVSS 8.5 | ≥ 11.0.0.0, < 11.0.1.0 | v11.0.1.0 | 2025-10-06
CVE-2025-36355 [HIGH] CWE-829: IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.
nvd