CVE-2026-1491
Medium
Low
Medium
High
Critical
5.3
CVSS Score
Vulnerability Description
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
L
Integrity
N
Availability
N
Known Affected Software
21 configuration(s) from 1 vendor(s)
security_verify_access
Version:
10.0.1
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.1:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.1.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.6
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.6:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0.6
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0.6:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.2
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.2:*:*:*:*:*:*:*
verify_identity_access
Version:
11.0.1.0
CPE:
cpe:2.3:a:ibm:verify_identity_access:11.0.1.0:-:*:*:*:*:*:*
security_verify_access
Version:
10.0.7.1
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.7.1:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.5
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.5:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0.1
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0.1:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.7
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.7:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.4
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.4:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.4.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.4.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.3
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.3:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0.7
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0.7:*:*:*:*:*:*:*
verify_identity_access
Version:
11.0.0
CPE:
cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.8
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.3.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.2.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.9.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.9.0:-:*:*:*:*:*:*
This vulnerability affects 21 software configuration(s). Ensure you patch all affected systems.
References & Resources
Severity Details
5.3
out of 10.0
Medium
Weakness Type (CWE)
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
- Description
- The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that…
- Typical Severity
- Medium
- Abstraction Level
- Base
Key Information
- Published Date
- April 01, 2026
