Ibm Security Verify Access Appliance
30 CVEs affecting Ibm Security Verify Access Appliance. Latest disclosed: 2025-10-06. Critical: 1, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-36356 | Critical | 9.3 | 2025-10-06 | IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated us… |
CVE-2024-28787 | High | 8.7 | 2024-04-04 | IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive priva… |
CVE-2025-36355 | High | 8.5 | 2025-10-06 | IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated… |
CVE-2023-31003 | High | 8.4 | 2024-01-11 | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could all… |
CVE-2023-31004 | High | 8.3 | 2024-02-03 | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10… |
CVE-2023-43017 | High | 8.2 | 2024-02-07 | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force… |
CVE-2024-49814 | High | 7.8 | 2025-02-06 | IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecess… |
CVE-2024-31873 | High | 7.5 | 2024-04-10 | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtai… |
CVE-2024-31871 | High | 7.5 | 2024-04-10 | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts du… |
CVE-2024-31872 | High | 7.5 | 2024-04-10 | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scrip… |
CVE-2023-32330 | High | 7.5 | 2024-02-07 | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Forc… |
CVE-2023-32328 | High | 7.5 | 2024-02-07 | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of t… |
CVE-2023-30999 | High | 7.5 | 2024-02-03 | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10… |
CVE-2025-36354 | High | 7.3 | 2025-10-06 | IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated use… |
CVE-2023-43016 | High | 7.3 | 2024-02-03 | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10… |
CVE-2023-32327 | High | 7.1 | 2024-02-03 | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10… |
CVE-2024-35138 | Medium | 6.5 | 2025-02-04 | IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute m… |
CVE-2023-31006 | Medium | 6.5 | 2024-02-03 | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10… |
CVE-2024-31874 | Medium | 6.2 | 2024-04-10 | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of servi… |
CVE-2023-38369 | Medium | 6.2 | 2024-02-07 | IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it eas… |