Back to overview

CVE-2026-7364

LOW
3.1
CVSS 3.1
Description
IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 and IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted request to redirect a victim to arbitrary Web sites.

Metadata

CVE ID
CVE-2026-7364
State
PUBLISHED
Assigner
ibm
Reserved
2026-04-28 20:43 UTC
Published
2026-07-17 19:31 UTC
Last updated
2026-07-17 19:31 UTC
Primary CWE
CWE-601
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Vendor / Product
IBM / Verify Identity Access
Sources
cve.org  ·  NVD

Severity & Metrics

3.1 LOW CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Affected products (4)
VendorProductPlatformVersions
IBM Security Verify Access 10.0 ≤ 10.0.9.1
IBM Security Verify Access Container 10.0 ≤ 10.0.9.1
IBM Verify Identity Access 11.0 ≤ 11.0.2
IBM Verify Identity Access Container 11.0 ≤ 11.0.2
Weakness (CWE)
CWESourceDescription
CWE-601 cna CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CVSS scores (1)
ScoreSeverityVersionSourceVector
3.1 LOW 3.1 cna CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Back to overview