Description
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lower user privileges on the system due to improper validation of user supplied input.
Published: 2026-04-01
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Unrestricted command execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability permits an unauthenticated attacker to run arbitrary operating‑system commands at the level of a low‑privileged user because the product does not properly sanitize user‑supplied input. This is an OS command injection flaw that can allow the attacker to gain unauthorized control over the host, potentially leading to data modification or further lateral movement.

Affected Systems

IBM Verify Identity Access versions 11.0 through 11.0.2 and IBM Verify Identity Access Container 11.0 through 11.0.2, as well as IBM Security Verify Access versions 10.0 through 10.0.9.1 and IBM Security Verify Access Container 10.0 through 10.0.9.1, are affected. Patches are available as IBM Verify Identity Access v11.0.2 IF1 and IBM Security Verify Access v10.0.9.1 IF1, which correct the input validation issue.

Risk and Exploitability

The CVSS score of 7.3 indicates a high severity while the EPSS score of less than 1 % suggests a low current likelihood of exploitation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that the attack vector is through remote input—such as a web or API endpoint—without authentication, allowing the attacker to trigger the command‑execution flaw.

Generated by OpenCVE AI on April 8, 2026 at 01:56 UTC.

Remediation

Vendor Solution

IBM encourages customers to update their systems promptly.   Appliance:  Affected Products and Versions Fix availability IBM Verify Identity Access 11.0 - 11.0.2 Download IBM Verify Identity Access v11.0.2 IF1 https://www.ibm.com/support/fixcentral/quickorder IBM Security Verify Access 10.0 - 10.0.9.1 Download IBM Security Verify Access v10.0.9.1 IF1 https://www.ibm.com/support/fixcentral/quickorder

OpenCVE Recommended Actions

  • Apply the IBM Verify Identity Access v11.0.2 IF1 update.
  • Apply the IBM Security Verify Access v10.0.9.1 IF1 update.
  • Verify that the patched versions are active and that the affected services are restarted.
  • Monitor system logs for any anomalous command activity after the update.

Generated by OpenCVE AI on April 8, 2026 at 01:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_container:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access_container:*:*:*:*:*:*:*:*

Fri, 03 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lower user privileges on the system due to improper validation of user supplied input.
Title Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
First Time appeared Ibm
Ibm security Verify Access
Ibm security Verify Access Container
Ibm verify Identity Access
Ibm verify Identity Access Container
Weaknesses CWE-78
CPEs cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm security Verify Access
Ibm security Verify Access Container
Ibm verify Identity Access
Ibm verify Identity Access Container
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Ibm Security Verify Access Security Verify Access Container Verify Identity Access Verify Identity Access Container
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-04-03T13:01:57.966Z

Reserved: 2026-01-22T16:25:31.568Z

Link: CVE-2026-1345

cve-icon Vulnrichment

Updated: 2026-04-02T15:48:13.878Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T21:16:58.110

Modified: 2026-04-07T16:26:43.470

Link: CVE-2026-1345

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:56:55Z

Weaknesses