IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HIBM Security Access Manager
APPIbm9.0.7.0 – 9.0.7.2 (bez)IBM Security Verify Access
APPIbm10.0.0 – 10.0.0.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2026-1346CRITICAL9.3PL ✓ten sam produkt
Privilege escalation do root w IBM Security Verify Access i Verify Identity Access
CVE-2025-36356CRITICAL9.3PL ✓ten sam produkt
IBM Security Verify Access — privilege escalation do root przez nadmiarowe uprawnienia
CVE-2024-49805CRITICAL9.4PL ✓ten sam produkt
IBM Security Verify Access — zakodowane na stałe poświadczenia (hard-coded credentials)
CVE-2024-49803CRITICAL9.8PL ✓ten sam produkt
IBM Security Verify Access — zdalne wykonanie poleceń (command injection)
CVE-2024-49806CRITICAL9.4PL ✓ten sam produkt
IBM Security Verify Access — zakodowane na stałe poświadczenia (hard-coded credentials)