Ibm Security Verify Access — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Security Verify Access, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (90)
CVE-2024-49803 — CVSS 9.8 (critical): IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the…
CVE-2021-39070 — CVSS 9.8 (critical): IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an…
CVE-2020-4499 — CVSS 9.8 (critical): IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or…
CVE-2024-49806 — CVSS 9.4 (critical): IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which…
CVE-2024-49805 — CVSS 9.4 (critical): IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which…
CVE-2025-36356 — CVSS 9.3 (critical): IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a…
CVE-2026-1346 — CVSS 9.3 (critical): IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify…
CVE-2024-28787 — CVSS 8.7 (high): IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain…
CVE-2026-1342 — CVSS 8.5 (high): IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify…
CVE-2025-36355 — CVSS 8.5 (high): IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a…
CVE-2023-31003 — CVSS 8.4 (high): IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker…
CVE-2023-31004 — CVSS 8.3 (high): IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker…
CVE-2023-43017 — CVSS 8.2 (high): IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote…
CVE-2025-36087 — CVSS 8.1 (high): IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under…
CVE-2026-4101 — CVSS 8.1 (high): IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify…
CVE-2021-29742 — CVSS 8.0 (high): IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483.
CVE-2021-29665 — CVSS 7.8 (high): IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a…
CVE-2025-0161 — CVSS 7.8 (high): IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to…
CVE-2024-49814 — CVSS 7.8 (high): IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to…
CVE-2024-49804 — CVSS 7.8 (high): IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their…
CVE-2022-22465 — CVSS 7.8 (high): IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due…
CVE-2023-30999 — CVSS 7.5 (high): IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker…
CVE-2024-31873 — CVSS 7.5 (high): IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication…
CVE-2021-38957 — CVSS 7.5 (high): IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code…
CVE-2023-32328 — CVSS 7.5 (high): IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network…
CVE-2024-31872 — CVSS 7.5 (high): IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when…
CVE-2022-22464 — CVSS 7.5 (high): IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that…
CVE-2024-31871 — CVSS 7.5 (high): IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when…
CVE-2021-20439 — CVSS 7.5 (high): IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read…
CVE-2021-20497 — CVSS 7.5 (high): IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly…
CVE-2021-20576 — CVSS 7.5 (high): IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the…
CVE-2023-32330 — CVSS 7.5 (high): IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the…
CVE-2021-38921 — CVSS 7.5 (high): IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to…
CVE-2025-36354 — CVSS 7.3 (high): IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an…
CVE-2026-1345 — CVSS 7.3 (high): IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify…
CVE-2023-43016 — CVSS 7.3 (high): IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker…
CVE-2026-1343 — CVSS 7.2 (high): IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify…
CVE-2021-20533 — CVSS 7.2 (high): IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending…
CVE-2023-32327 — CVSS 7.1 (high): IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker…
CVE-2024-28772 — CVSS 6.8 (medium): IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting…
CVE-2021-29699 — CVSS 6.8 (medium): IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could…
CVE-2024-35133 — CVSS 6.8 (medium): IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks…
CVE-2026-5926 — CVSS 6.5 (medium): IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify…
CVE-2021-20537 — CVSS 6.5 (medium): IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its…
CVE-2022-22311 — CVSS 6.5 (medium): IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some…
CVE-2022-22463 — CVSS 6.5 (medium): IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could…
CVE-2022-36775 — CVSS 6.5 (medium): IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper…
CVE-2023-25927 — CVSS 6.5 (medium): IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using…
CVE-2023-30433 — CVSS 6.5 (medium): IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a…
CVE-2023-31006 — CVSS 6.5 (medium): IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker…
CVE-2024-35138 — CVSS 6.5 (medium): IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an…
CVE-2023-32329 — CVSS 6.2 (medium): IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker…
CVE-2023-31005 — CVSS 6.2 (medium): IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker…
CVE-2024-25027 — CVSS 6.2 (medium): IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607.
CVE-2024-31874 — CVSS 6.2 (medium): IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to…
CVE-2023-38267 — CVSS 6.2 (medium): IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker…
CVE-2019-4552 — CVSS 6.1 (medium): IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote…
CVE-2024-40700 — CVSS 6.1 (medium): IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows…
CVE-2024-43187 — CVSS 5.9 (medium): IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a…
CVE-2024-45647 — CVSS 5.6 (medium): IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an…
CVE-2023-30430 — CVSS 5.5 (medium): IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force…
CVE-2026-4364 — CVSS 5.4 (medium): IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify…
CVE-2022-22370 — CVSS 5.4 (medium): IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows…
CVE-2021-38895 — CVSS 5.4 (medium): IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2022-32759 — CVSS 5.3 (medium): IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which…
CVE-2021-38956 — CVSS 5.3 (medium): IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in…
CVE-2024-31883 — CVSS 5.3 (medium): IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a…
CVE-2024-45659 — CVSS 5.3 (medium): IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when…
CVE-2021-20585 — CVSS 5.3 (medium): IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against…
CVE-2025-0163 — CVSS 5.3 (medium): IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an…
CVE-2021-20498 — CVSS 5.3 (medium): IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the…
CVE-2020-4699 — CVSS 5.3 (medium): IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side…
CVE-2020-4661 — CVSS 5.3 (medium): IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side…
CVE-2026-1491 — CVSS 5.3 (medium): IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify…
CVE-2026-2862 — CVSS 5.3 (medium): IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify…
CVE-2020-4660 — CVSS 5.3 (medium): IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side…
CVE-2023-31001 — CVSS 5.1 (medium): IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker…
CVE-2024-45657 — CVSS 5.0 (medium): IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized…
CVE-2021-20511 — CVSS 4.9 (medium): IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a…
CVE-2021-20496 — CVSS 4.9 (medium): IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force…
CVE-2021-20524 — CVSS 4.8 (medium): IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2021-20500 — CVSS 4.4 (medium): IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.
CVE-2021-20510 — CVSS 4.4 (medium): IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID…
CVE-2021-20534 — CVSS 3.5 (low): IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By…
CVE-2021-20575 — CVSS 3.3 (low): IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.
CVE-2026-2475 — CVSS 3.1 (low): IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify…
CVE-2021-38894 — CVSS 2.7 (low): IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical…
CVE-2024-45658 — CVSS 2.7 (low): IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when…
CVE-2021-20523 — CVSS 2.7 (low): IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error…
CVE-2021-20499 — CVSS 2.7 (low): IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error…