IBM Security Verify Access and Docker Username Enumeration Vulnerability

Vulnerability

A vulnerability in IBM Security Verify Access Appliance and Docker versions 10.0 through 10.0.8 allows remote attackers to enumerate usernames. This issue arises from an observable response discrepancy related to disabled accounts, which can be exploited to infer the existence of certain usernames.
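The advisory does not describe what the differing response looks like, so the following added example (not IBM's code and not from the original page) uses a constructed login handler to show the weakness class: a disabled account answered differently from an unknown one, beside a form that fails uniformly, plus a regression check a defender can run against their own handler. All names, status codes, messages and sample accounts are assumptions.

```python
import hashlib
import hmac

# Constructed sample data; hypothetical, not the product's data model.
_SALT = b"constructed-salt"

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 10_000)

USERS = {
    "alice": {"hash": _hash("correct horse"), "disabled": False},
    "bob": {"hash": _hash("hunter2"), "disabled": True},
}
_DUMMY_HASH = _hash("placeholder for unknown users")
GENERIC_FAILURE = (401, "Invalid username or password.")

def login_leaky(username, password):
    """Discrepant form: a disabled account gets its own response,
    so a caller learns the username exists without knowing the password."""
    record = USERS.get(username)
    if record is None:
        return GENERIC_FAILURE
    if record["disabled"]:
        return (403, "Account is disabled.")
    if hmac.compare_digest(record["hash"], _hash(password)):
        return (200, "OK")
    return GENERIC_FAILURE

def login_uniform(username, password):
    """Hardened form: every failure returns the same status and body, and
    the hash is computed even for unknown users so the work done is similar."""
    record = USERS.get(username)
    stored = record["hash"] if record else _DUMMY_HASH
    password_ok = hmac.compare_digest(stored, _hash(password))
    if record and password_ok and not record["disabled"]:
        return (200, "OK")
    return GENERIC_FAILURE

def distinguishable_failures(login):
    """Regression check: send a wrong password for each account state and
    return the responses if they differ, or {} if they are identical."""
    probes = {"unknown": "nobody", "active": "alice", "disabled": "bob"}
    seen = {state: login(name, "wrong-password") for state, name in probes.items()}
    return seen if len(set(seen.values())) > 1 else {}
```

The check compares only status and body; response headers, redirects and timing need the same comparison on a real endpoint.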

Impact

Exploitation of this vulnerability could lead to unauthorized username enumeration, allowing attackers to identify valid user accounts.

Remediation

Users are advised to update to IBM Security Verify Access version 10.0.9 or IBM Verify Identity Access version 11.0. Instructions for downloading these updates are available on the IBM Support website. For Docker users, log in to IBM Cloud Registry and follow the update instructions provided on the IBM Verify Identity Access v11 support page.

Added: Jun 11, 2025, 3:37 PM
Updated: Jun 11, 2025, 3:37 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.