IBM Security Verify Access and Identity Access Docker Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in IBM Security Verify Access and IBM Verify Identity Access Docker, specifically in versions 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0. The flaw stems from improper validation of user-supplied input and allows an unauthenticated user to execute arbitrary commands on the system with lower user privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands on the affected system, potentially allowing for further exploitation or manipulation of the system's functionality.

Remediation

Users are advised to update to IBM Security Verify Access Fixpack 10.0.9.0-IF3 or IBM Verify Identity Access Fixpack 11.0.1.0-IF1. Instructions for downloading these fixpacks are available on the IBM Support Fix Central website.
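To triage an inventory against the version ranges and fix levels stated above, the following added example (not IBM code and not part of the original advisory) classifies version strings. It assumes versions are written the way the fixpack names on this page are, for example `10.0.9.0-IF3`, and that interim fixes are cumulative; the deployment names and inventory are constructed, and how you obtain the version string from a running container is outside its scope.

```python
import re

# Affected ranges and remediating interim-fix levels, taken from the advisory text.
ADVISORY = [
    # (first affected release, last affected release, interim fix that remediates it)
    ((10, 0, 0, 0), (10, 0, 9, 0), 3),  # fixed in 10.0.9.0-IF3
    ((11, 0, 0, 0), (11, 0, 1, 0), 1),  # fixed in 11.0.1.0-IF1
]

# Assumed version format: four dotted numbers with an optional -IF<n> suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-IF(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Return ((a, b, c, d), interim_fix); interim_fix is 0 when no -IF suffix."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    release = tuple(int(part) for part in match.groups()[:4])
    return release, int(match.group(5) or 0)


def classify(text):
    """Return 'affected', 'fixed' or 'not_listed' for one version string."""
    release, interim_fix = parse_version(text)
    for first, last, fixed_if in ADVISORY:
        if first <= release <= last:
            # Only the last release in each range has a fix level named on the page;
            # earlier releases stay 'affected' whatever interim fix they carry.
            if release == last and interim_fix >= fixed_if:
                return "fixed"
            return "affected"
    return "not_listed"


def triage(inventory):
    """Map each deployment name to its classification."""
    return {name: classify(version) for name, version in inventory.items()}


# Constructed inventory for illustration; not real deployment data.
SAMPLE_INVENTORY = {
    "sso-prod": "10.0.9.0-IF2",
    "sso-stage": "10.0.9.0-IF3",
    "idp-legacy": "10.0.4.0",
    "idp-new": "11.0.1.0-IF1",
}

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {SAMPLE_INVENTORY[name]} -> {status}")
```

A result of `not_listed` only means the version falls outside the ranges this page names; it is not a statement that the version is safe.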

Added: Oct 6, 2025, 5:33 PM
Updated: Oct 6, 2025, 5:33 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 7.5
exploitability: 7.6
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.