High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2026-1345
High
Low
Medium
High
Critical
7.3
CVSS Score
Vulnerability Description
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lower user privileges on the system due to improper validation of user supplied input.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
L
Integrity
L
Availability
L
Known Affected Software
21 configuration(s) from 1 vendor(s)
security_verify_access
Version:
10.0.1
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.1:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.1.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.6
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.6:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0.6
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0.6:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.2
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.2:*:*:*:*:*:*:*
verify_identity_access
Version:
11.0.1.0
CPE:
cpe:2.3:a:ibm:verify_identity_access:11.0.1.0:-:*:*:*:*:*:*
security_verify_access
Version:
10.0.7.1
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.7.1:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.5
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.5:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0.1
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0.1:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.7
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.7:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.4
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.4:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.4.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.4.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.3
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.3:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0.7
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0.7:*:*:*:*:*:*:*
verify_identity_access
Version:
11.0.0
CPE:
cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.8
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.3.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.2.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.9.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.9.0:-:*:*:*:*:*:*
This vulnerability affects 21 software configuration(s). Ensure you patch all affected systems.
References & Resources
Severity Details
7.3
out of 10.0
High
Weakness Type (CWE)
CWE-78
Top 25 #13
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- Description
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a…
- Exploit Likelihood
- High
- Typical Severity
- High
- OWASP Top 10
- A03:2021-Injection
- Abstraction Level
- Base
Key Information
- Published Date
- April 01, 2026
