IBM Security Verify Access Password Change Vulnerability for Expired Users

Vulnerability

A vulnerability exists in IBM Security Verify Access versions 10.0.0 to 10.0.8, as well as in IBM Security Verify Access Docker versions 10.0.0 to 10.0.8. This vulnerability could allow an unverified user to change the password of an expired user without knowing the previous password.

Impact

Exploitation of this vulnerability could lead to unauthorized password changes for expired user accounts, potentially allowing those accounts to be reactivated or misused.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 5.0
exploitability: 7.6
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.