Description
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy.
Published: 2026-04-01
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive information disclosure
Action: Patch Now
AI Analysis

Impact

An inconsistency in HTTP request parsing performed by a reverse proxy in IBM Verify Access and IBM Security Verify Access allows a remote attacker to access confidential identity and access data. This flaw, identified as a protocol implementation error (CWE-444), leads attackers to retrieve information that should be protected by the system's access controls. The vulnerability can compromise data confidentiality without granting system-level execution privileges.

Affected Systems

The affected products are IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1, along with their containerized variants (Verify Identity Access Container 11.0.x and Security Verify Access Container 10.0.x).

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while an EPSS score below 1% suggests a low probability of current exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack likely involves crafting HTTP requests that exploit the reverse proxy’s misinterpretation, allowing the attacker to read protected data. Prompt patching mitigates the exposure risk.

Generated by OpenCVE AI on April 8, 2026 at 00:51 UTC.

Remediation

Vendor Solution

IBM encourages customers to update their systems promptly.Appliance: Affected Products and VersionsFix availabilityIBM Verify Identity Access 11.0 - 11.0.2Download IBM Verify Identity Access v11.0.2 IF1IBM Security Verify Access 10.0 - 10.0.9.1Download IBM Security Verify Access v10.0.9.1 IF1Container:Container Download

OpenCVE Recommended Actions

  • Download and install IBM Verify Identity Access v11.0.2 IF1 from IBM Fix Central.
  • Download and install IBM Security Verify Access v10.0.9.1 IF1 from IBM Fix Central.
  • Apply the corresponding patches for the container deployments (Verify Identity Access Container 11.0.x and Security Verify Access Container 10.0.x).
  • Verify that the updates are applied correctly and the reverse proxy no longer misinterprets HTTP requests.
  • If patching cannot be performed immediately, block or limit external traffic to the reverse proxy using firewall rules or network segmentation.
  • Continuously monitor IBM security advisories for additional updates or mitigation guidance.

Generated by OpenCVE AI on April 8, 2026 at 00:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_container:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access_container:*:*:*:*:*:*:*:*

Fri, 03 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy.
Title Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
First Time appeared Ibm
Ibm security Verify Access
Ibm security Verify Access Container
Ibm verify Identity Access
Ibm verify Identity Access Container
Weaknesses CWE-444
CPEs cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm security Verify Access
Ibm security Verify Access Container
Ibm verify Identity Access
Ibm verify Identity Access Container
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Ibm Security Verify Access Security Verify Access Container Verify Identity Access Verify Identity Access Container
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-04-08T00:18:04.049Z

Reserved: 2026-01-27T14:29:01.426Z

Link: CVE-2026-1491

cve-icon Vulnrichment

Updated: 2026-04-03T13:49:45.147Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T21:16:58.317

Modified: 2026-04-07T16:30:45.197

Link: CVE-2026-1491

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:56:53Z

Weaknesses