Ibm Security Verify Access
44 CVEs affecting Ibm Security Verify Access. Latest disclosed: 2026-04-23. Critical: 5, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-49803 | Critical | 9.8 | 2024-11-29 | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a… |
CVE-2024-49806 | Critical | 9.4 | 2024-11-29 | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its ow… |
CVE-2024-49805 | Critical | 9.4 | 2024-11-29 | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its ow… |
CVE-2026-1346 | Critical | 9.3 | 2026-04-08 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 thr… |
CVE-2021-29665 | Critical | 9.0 | 2021-05-31 | IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execu… |
CVE-2026-1342 | High | 8.5 | 2026-04-07 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 thr… |
CVE-2026-4101 | High | 8.1 | 2026-04-01 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 thr… |
CVE-2025-36087 | High | 8.1 | 2025-10-13 | IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations… |
CVE-2025-0161 | High | 7.8 | 2025-02-20 | IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on… |
CVE-2024-49804 | High | 7.8 | 2024-11-29 | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to un… |
CVE-2022-43740 | High | 7.5 | 2023-10-14 | IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 238… |
CVE-2021-20576 | High | 7.5 | 2021-05-31 | IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. |
CVE-2026-1345 | High | 7.3 | 2026-04-01 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 thr… |
CVE-2020-4499 | High | 7.3 | 2020-10-15 | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentica… |
CVE-2026-1343 | High | 7.2 | 2026-04-08 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 thr… |
CVE-2024-35133 | Medium | 6.8 | 2024-08-29 | IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect… |
CVE-2026-5926 | Medium | 6.5 | 2026-04-23 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 thr… |
CVE-2023-25927 | Medium | 6.5 | 2023-05-12 | IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTT… |
CVE-2022-36775 | Medium | 6.5 | 2023-02-17 | IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input b… |
CVE-2022-22465 | Medium | 6.3 | 2022-07-08 | IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access… |