Description
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 under certain load conditions could allow an attacker to bypass authentication mechanisms and gain unauthorized access to the application.
Published: 2026-04-01
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Patch Now
AI Analysis

Impact

A critical flaw in IBM Verify Identity Access and IBM Security Verify Access allows an attacker to bypass authentication under certain load conditions, granting unauthorized access to the application. The vulnerability is classified as Authentication Bypass (CWE‑287) and can lead to unauthorized data exposure, configuration changes, or lateral movement within the platform.

Affected Systems

Affected versions include IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1, along with their corresponding container editions. Patches are available as Verify Identity Access 11.0.2 IF1 and Security Verify Access 10.0.9.1 IF1.

Risk and Exploitability

The CVSS v3.1 base score of 8.1 indicates high severity, while the EPSS score of less than 1% suggests a low probability of public exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the likely attack vector is remote exploitation triggered by load-induced authentication failures; an attacker would need to generate traffic that stresses authentication mechanisms to activate the flaw.

Generated by OpenCVE AI on April 8, 2026 at 00:24 UTC.

Remediation

Vendor Solution

IBM encourages customers to update their systems promptly.   Appliance:  Affected Products and Versions Fix availability IBM Verify Identity Access 11.0 - 11.0.2 Download IBM Verify Identity Access v11.0.2 IF1 https://www.ibm.com/support/fixcentral/quickorder IBM Security Verify Access 10.0 - 10.0.9.1 Download IBM Security Verify Access v10.0.9.1 IF1 https://www.ibm.com/support/fixcentral/quickorder

OpenCVE Recommended Actions

  • Apply the IBM Verify Identity Access 11.0.2 IF1 patch to all non‑container deployments.
  • Apply the IBM Security Verify Access 10.0.9.1 IF1 patch to all non‑container deployments.
  • Update all containerized instances of Verify Identity Access and Security Verify Access to the patched images.
  • Verify the identity management service is running the patched version and restart if necessary.
  • Monitor authentication logs for anomalous activity and enforce rate limiting during peak load periods.

Generated by OpenCVE AI on April 8, 2026 at 00:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_container:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access_container:*:*:*:*:*:*:*:*

Sat, 04 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 under certain load conditions could allow an attacker to bypass authentication mechanisms and gain unauthorized access to the application.
Title Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
First Time appeared Ibm
Ibm security Verify Access
Ibm security Verify Access Container
Ibm verify Identity Access
Ibm verify Identity Access Container
Weaknesses CWE-287
CPEs cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm security Verify Access
Ibm security Verify Access Container
Ibm verify Identity Access
Ibm verify Identity Access Container
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Ibm Security Verify Access Security Verify Access Container Verify Identity Access Verify Identity Access Container
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-04-03T13:02:16.369Z

Reserved: 2026-03-13T00:33:07.564Z

Link: CVE-2026-4101

cve-icon Vulnrichment

Updated: 2026-04-03T13:02:13.299Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T21:17:02.417

Modified: 2026-04-07T16:34:52.787

Link: CVE-2026-4101

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:56:56Z

Weaknesses