IBM Security Verify Access
90 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-5926
>= 10.0.0.0 and <= 10.0.9.1
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Ve
6.5
MEDIUM
CVE-2026-1346
>= 10.0.0 and <= 10.0.9.1
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Ve
9.3
CRITICAL
CVE-2026-1343
>= 10.0.0 and <= 10.0.9.1
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Ve
7.2
HIGH
CVE-2026-1342
>= 10.0.0 and <= 10.0.9.1
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Ve
8.5
HIGH
CVE-2026-4364
>= 10.0.0.0 and <= 10.0.9.1
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Ve
5.4
MEDIUM
CVE-2026-4101
>= 10.0.0.0 and <= 10.0.9.1
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Ve
8.1
HIGH
CVE-2026-2862
>= 10.0.0.0 and <= 10.0.9.1
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Ve
5.3
MEDIUM
CVE-2026-2475
>= 10.0.0.0 and <= 10.0.9.1
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Ve
3.1
LOW
CVE-2026-1491
>= 10.0.0.0 and <= 10.0.9.1
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Ve
5.3
MEDIUM
CVE-2026-1345
>= 10.0.0.0 and <= 10.0.9.1
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Ve
7.3
HIGH
CVE-2025-36087
>= 10.0.0 and <= 10.0.9
IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0,
8.1
HIGH
CVE-2025-36356
>= 10.0.0.0 and < 10.0.9.0
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could all
9.3
CRITICAL
CVE-2025-36355
>= 10.0.0.0 and < 10.0.9.0
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could a
8.5
HIGH
CVE-2025-36354
>= 10.0.0.0 and < 10.0.9.0
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could
7.3
HIGH
CVE-2025-0163
>= 10.0.0 and < 10.0.9
IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an
5.3
MEDIUM
CVE-2025-0161
>= 10.0.0 and <= 10.0.0.9
IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due
7.8
HIGH
CVE-2024-49814
>= 10.0.0 and <= 10.0.3
IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges d
7.8
HIGH
CVE-2024-45658
>= 10.0.0 and <= 10.0.8
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive informa
2.7
LOW
CVE-2024-45657
>= 10.0.0.0 and < 10.0.9.0
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthoriz
5.0
MEDIUM
CVE-2024-43187
>= 10.0.0.0 and < 10.0.9.0
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartex
5.9
MEDIUM
CVE-2024-40700
>= 10.0.0.0 and < 10.0.9.0
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability
6.1
MEDIUM
CVE-2024-35138
>= 10.0.0 and <= 10.0.8
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could a
6.5
MEDIUM
CVE-2024-45659
>= 10.0.0.0 and < 10.0.9.0
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive informa
5.3
MEDIUM
CVE-2024-45647
>= 10.0.0 and <= 10.0.8
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow an
5.6
MEDIUM
CVE-2024-49806
>= 10.0.0 and <= 10.0.8
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic
9.4
CRITICAL
CVE-2024-49805
>= 10.0.0 and <= 10.0.8
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic
9.4
CRITICAL
CVE-2024-49804
>= 10.0.0 and <= 10.0.8
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escala
7.8
HIGH
CVE-2024-49803
>= 10.0.0 and <= 10.0.8
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary comman
9.8
CRITICAL
CVE-2024-35133
>= 10.0.0 and <= 10.0.8
IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing att
6.8
MEDIUM
CVE-2024-28772
all versions
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scr
6.8
MEDIUM
CVE-2022-32759
all versions
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration w
5.3
MEDIUM
CVE-2024-31883
>= 10.0.0.0 and <= 10.0.7.1
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cau
5.3
MEDIUM
CVE-2023-30430
>= 10.0.0.0 and <= 10.0.7.1
IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM
5.5
MEDIUM
CVE-2024-31874
>= 10.0.0 and <= 10.0.7
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local us
6.2
MEDIUM
CVE-2024-31873
>= 10.0.0 and <= 10.0.7
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authe
7.5
HIGH
CVE-2024-31872
>= 10.0.0 and <= 10.0.7
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack whe
7.5
HIGH
CVE-2024-31871
>= 10.0.0 and <= 10.0.7
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack whe
7.5
HIGH
CVE-2024-28787
>= 10.0.0 and <= 10.0.7
IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to
8.7
HIGH
CVE-2024-25027
all versions
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 28160
6.2
MEDIUM
CVE-2023-43017
>= 10.0.0.0 and <= 10.0.6.1
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allo
8.2
HIGH
CVE-2023-32330
>= 10.0.0.0 and <= 10.0.6.1
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take contr
7.5
HIGH
CVE-2023-32328
>= 10.0.0.0 and <= 10.0.6.1
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the
7.5
HIGH
CVE-2023-43016
>= 10.0.0.0 and <= 10.0.6.1
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Acce
7.3
HIGH
CVE-2023-32329
>= 10.0.0.0 and <= 10.0.6.1
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Acce
6.2
MEDIUM
CVE-2023-32327
>= 10.0.0.0 and <= 10.0.6.1
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Acce
7.1
HIGH
CVE-2023-31006
>= 10.0.0.0 and <= 10.0.6.1
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Acce
6.5
MEDIUM
CVE-2023-31005
>= 10.0.0.0 and <= 10.0.6.1
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Acce
6.2
MEDIUM
CVE-2023-31004
>= 10.0.0.0 and <= 10.0.6.1
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Acce
8.3
HIGH
CVE-2023-30999
>= 10.0.0.0 and <= 10.0.6.1
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Acce
7.5
HIGH
CVE-2023-38267
>= 10.0.0.0 and < 10.0.0.7
IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Acce
6.2
MEDIUM
CVE-2023-31003
>= 10.0.0.0 and < 10.0.0.7
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Acce
8.4
HIGH
CVE-2023-31001
>= 10.0.0.0 and < 10.0.0.7
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Acce
5.1
MEDIUM
CVE-2023-30433
all versions
IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persu
6.5
MEDIUM
CVE-2023-25927
all versions
IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald proces
6.5
MEDIUM
CVE-2022-36775
all versions
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and 10.0.4.0 is vulnerable to HTTP header injection, caused by i
6.5
MEDIUM
CVE-2022-22465
all versions
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privi
7.8
HIGH
CVE-2022-22464
all versions
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithm
7.5
HIGH
CVE-2022-22463
all versions
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker
6.5
MEDIUM
CVE-2022-22370
all versions
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability al
5.4
MEDIUM
CVE-2022-22311
all versions
IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly cha
6.5
MEDIUM
CVE-2021-39070
all versions
IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could a
9.8
CRITICAL
CVE-2021-38957
all versions
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during Q
7.5
HIGH
CVE-2021-38956
all versions
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that coul
5.3
MEDIUM
CVE-2021-38921
all versions
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker
7.5
HIGH
CVE-2021-38895
all versions
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed
5.4
MEDIUM
CVE-2021-38894
all versions
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed t
2.7
LOW
CVE-2021-29742
all versions
IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483.
8.0
HIGH
CVE-2021-29699
all versions
IBM Security Verify Access Docker 10.0.0 could allow a remote privileged user to upload arbitrary files with a dangerous file type t
6.8
MEDIUM
CVE-2021-20537
all versions
IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses f
6.5
MEDIUM
CVE-2021-20534
all versions
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
3.5
LOW
CVE-2021-20533
all versions
IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system b
7.2
HIGH
CVE-2021-20524
all versions
IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary
4.8
MEDIUM
CVE-2021-20523
all versions
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical e
2.7
LOW
CVE-2021-20511
all versions
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could se
4.9
MEDIUM
CVE-2021-20510
all versions
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Forc
4.4
MEDIUM
CVE-2021-20500
all versions
IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197
4.4
MEDIUM
CVE-2021-20499
all versions
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical e
2.7
LOW
CVE-2021-20498
all versions
IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks agains
5.3
MEDIUM
CVE-2021-20497
all versions
IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decryp
7.5
HIGH
CVE-2021-20496
all versions
IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X
4.9
MEDIUM
CVE-2021-20439
all versions
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can
7.5
HIGH
CVE-2021-29665
all versions
IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could al
7.8
HIGH
CVE-2021-20585
all versions
IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks
5.3
MEDIUM
CVE-2021-20576
all versions
IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the a
7.5
HIGH
CVE-2021-20575
all versions
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID
3.3
LOW
CVE-2020-4499
>= 10.0.0 and < 10.0.0.1
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public OAuth client to bypass
9.8
CRITICAL
CVE-2019-4552
>= 10.0.0 and < 10.0.0.1
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remot
6.1
MEDIUM
CVE-2020-4699
all versions
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing s
5.3
MEDIUM
CVE-2020-4661
all versions
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing s
5.3
MEDIUM
CVE-2020-4660
all versions
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing s
5.3
MEDIUM
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin