Back to overview

CVE-2026-4938

MEDIUM
6.5
CVSS 3.1
Description
IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 and IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 could allow an attacker with read-only privileges to make unauthorized modifications and deployments outside of their assigned permissions.

Metadata

CVE ID
CVE-2026-4938
State
PUBLISHED
Assigner
ibm
Reserved
2026-03-26 21:00 UTC
Published
2026-07-17 19:34 UTC
Last updated
2026-07-17 19:34 UTC
Primary CWE
CWE-863
CWE-863 Incorrect Authorization
Vendor / Product
IBM / Verify Identity Access
Sources
cve.org  ·  NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected products (4)
VendorProductPlatformVersions
IBM Security Verify Access 10.0 ≤ 10.0.9.1
IBM Security Verify Access Container 10.0 ≤ 10.0.9.1
IBM Verify Identity Access 11.0 ≤ 11.0.2
IBM Verify Identity Access Container 11.0 ≤ 11.0.2
Weakness (CWE)
CWESourceDescription
CWE-863 cna CWE-863 Incorrect Authorization
CVSS scores (1)
ScoreSeverityVersionSourceVector
6.5 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Back to overview