CVE-2026-4938
MEDIUM
6.5
CVSS 3.1
Description
IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 and IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 could allow an attacker with read-only privileges to make unauthorized modifications and deployments outside of their assigned permissions.
Metadata
Severity & Metrics
6.5
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected products (4)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| IBM | Security Verify Access | — | 10.0 ≤ 10.0.9.1 |
| IBM | Security Verify Access Container | — | 10.0 ≤ 10.0.9.1 |
| IBM | Verify Identity Access | — | 11.0 ≤ 11.0.2 |
| IBM | Verify Identity Access Container | — | 11.0 ≤ 11.0.2 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-863 | cna | CWE-863 Incorrect Authorization |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.5 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
References (1)