EUVD-2026-18025
GHSA-2735-h8hh-rc35
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4Tags
Description
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lower user privileges on the system due to improper validation of user supplied input.
Analysis
Command injection vulnerability in IBM Security Verify Access and IBM Verify Identity Access (versions 10.0-10.0.9.1 and 11.0-11.0.2, both containerized and non-containerized deployments) allows remote unauthenticated attackers to execute arbitrary commands with lower user privileges. The vulnerability stems from improper validation of user-supplied input (CWE-78). …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all IBM Security Verify Access and Verify Identity Access deployments (both containerized and non-containerized) running affected versions (10.0-10.0.9.1 or 11.0-11.0.2) and isolate them from untrusted networks if patch cannot be applied immediately. Within 7 days: Apply IBM vendor-released patch to all affected instances; consult IBM advisory for specific patch versions by deployment type. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today