IBM Security Verify Access and IBM Verify Identity Access Arbitrary Code Execution Vulnerability

Vulnerability

A vulnerability allowing local users to execute arbitrary code has been identified in IBM Security Verify Access Appliance versions 10.0.0.0 through 10.0.0.9, as well as in IBM Verify Identity Access version 11.0.0.0. This issue arises from improper restrictions on code generation, which could be exploited by local users to inject and execute malicious code.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of arbitrary code on the affected system.

Remediation

Users are advised to update to IBM Security Verify Access version 10.0.9.0_IF1 or IBM Verify Identity Access version 11.0.0.0_IF1. Instructions for downloading these updates are available on the IBM Support Fix Central website. For containerized environments, refer to the IBM Security Verify Access Containers documentation.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 7.5
exploitability: 4.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.