Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-1342

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-07 Apr, 2026 | 23:21
Updated At-08 Apr, 2026 | 14:24
Rejected At-
Credits

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:07 Apr, 2026 | 23:21
Updated At:08 Apr, 2026 | 14:24
Rejected At:
▼CVE Numbering Authority (CNA)
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.

Affected Products
Vendor
IBM CorporationIBM
Product
Verify Identity Access Container
CPEs
  • cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*
Versions
Affected
  • From 11.0 through 11.0.2 (semver)
Vendor
IBM CorporationIBM
Product
Security Verify Access Container
CPEs
  • cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*
Versions
Affected
  • From 10.0 through 10.0.9.1 (semver)
Vendor
IBM CorporationIBM
Product
Verify Identity Access
CPEs
  • cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*
Versions
Affected
  • From 11.0 through 11.0.2 (semver)
Vendor
IBM CorporationIBM
Product
Security Verify Access
CPEs
  • cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*
Versions
Affected
  • From 10.0 through 10.0.9.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-829CWE-829 Inclusion of Functionality from Untrusted Control Sphere
Type: CWE
CWE ID: CWE-829
Description: CWE-829 Inclusion of Functionality from Untrusted Control Sphere
Metrics
VersionBase scoreBase severityVector
3.18.5HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

IBM encourages customers to update their systems promptly.   Appliance:  Affected Products and Versions Fix availability IBM Verify Identity Access 11.0 - 11.0.2 Download IBM Verify Identity Access v11.0.2 IF1 https://www.ibm.com/support/fixcentral/quickorder IBM Security Verify Access 10.0 - 10.0.9.1 Download IBM Security Verify Access v10.0.9.1 IF1 https://www.ibm.com/support/fixcentral/quickorder   Container: Container Download https://docs.verify.ibm.com/ibm-security-verify-access/docs/containers

Configurations
Workarounds

None None

Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7268253
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7268253
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:08 Apr, 2026 | 00:16
Updated At:09 Apr, 2026 | 18:29

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.5HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
Primary3.17.9HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
Type: Primary
Version: 3.1
Base score: 7.9
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
CPE Matches
IBM Corporation
ibm
>>security_verify_access>>Versions from 10.0.0(inclusive) to 10.0.9.1(inclusive)
cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>security_verify_access_container>>Versions from 10.0.0.0(inclusive) to 10.0.9.1(inclusive)
cpe:2.3:a:ibm:security_verify_access_container:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>verify_identity_access>>Versions from 11.0.0.0(inclusive) to 11.0.2.0(inclusive)
cpe:2.3:a:ibm:verify_identity_access:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>verify_identity_access_container>>Versions from 11.0.0.0(inclusive) to 11.0.2.0(inclusive)
cpe:2.3:a:ibm:verify_identity_access_container:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-829Primarypsirt@us.ibm.com
CWE ID: CWE-829
Type: Primary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7268253psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7268253
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2025-36355
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.83%
||
7 Day CHG~0.00%
Published-06 Oct, 2025 | 16:52
Updated-15 Dec, 2025 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access code execution

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_access_dockerverify_identity_accesssecurity_verify_accessverify_identity_access_dockerSecurity Verify Access ApplianceSecurity Verify Access Docker
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2017-1376
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 74.78%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873.

Action-Not Available
Vendor-IBM Corporation
Product-operations_analytics_predictive_insightsOperations Analytics Predictive Insights
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2021-29777
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.91%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 18:45
Updated-16 Sep, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of srevice IBM X-Force ID: 203031.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2021-20443
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.23% / 46.29%
||
7 Day CHG~0.00%
Published-18 Feb, 2021 | 15:10
Updated-16 Sep, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsmaximo_for_civil_infrastructurelinux_kernelMaximo for Civil Infrastructure
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2022-22308
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.17% / 37.23%
||
7 Day CHG~0.00%
Published-21 Feb, 2022 | 18:10
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning AnalyticsPlanning Analytics Workspace
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2020-4561
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-10||CRITICAL
EPSS-0.87% / 75.65%
||
7 Day CHG~0.00%
Published-31 May, 2021 | 15:10
Updated-17 Sep, 2024 | 03:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2019-4263
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.38%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 19:55
Updated-17 Sep, 2024 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015.

Action-Not Available
Vendor-IBM Corporation
Product-content_navigatorContent Navigator
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
Details not found