Unauthorized Modifications in IBM Verify Identity Access and Security Verify Access
CVE-2026-4938

6.5MEDIUM

What is CVE-2026-4938?

A vulnerability exists in IBM Verify Identity Access and IBM Security Verify Access that allows attackers with read-only privileges to perform unauthorized modifications and deployments. This issue arises from improper access control mechanisms that fail to restrict certain actions outside the user's assigned permissions. As a result, this can lead to potentially serious security implications if exploited.

Affected Version(s)

Security Verify Access 10.0 <= 10.0.9.1

Security Verify Access Container 10.0 <= 10.0.9.1

Verify Identity Access 11.0 <= 11.0.2

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.