High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2026-1343
High
Low
Medium
High
Critical
7.2
CVSS Score
Vulnerability Description
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are protected by the Reverse Proxy.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
C
Confidentiality
L
Integrity
L
Availability
N
Known Affected Software
21 configuration(s) from 1 vendor(s)
security_verify_access
Version:
10.0.1
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.1:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.1.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.6
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.6:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0.6
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0.6:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.2
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.2:*:*:*:*:*:*:*
verify_identity_access
Version:
11.0.1.0
CPE:
cpe:2.3:a:ibm:verify_identity_access:11.0.1.0:-:*:*:*:*:*:*
security_verify_access
Version:
10.0.7.1
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.7.1:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.5
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.5:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0.1
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0.1:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.7
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.7:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.4
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.4:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.4.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.4.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.3
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.3:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0.7
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0.7:*:*:*:*:*:*:*
verify_identity_access
Version:
11.0.0
CPE:
cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.8
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.3.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.2.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.9.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.9.0:-:*:*:*:*:*:*
This vulnerability affects 21 software configuration(s). Ensure you patch all affected systems.
References & Resources
Severity Details
7.2
out of 10.0
High
Weakness Type (CWE)
CWE-918
Top 25 #20
Server-Side Request Forgery (SSRF)
- Description
- The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
- Typical Severity
- Medium
- OWASP Top 10
- A10:2021-Server-Side Request Forgery (SSRF)
- Abstraction Level
- Base
Key Information
- Published Date
- April 08, 2026
