Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
Summary
| CVE | CVE-2026-4938 |
|---|---|
| State | PUBLISHED |
| Assigner | ibm |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-17 20:17:23 UTC |
| Updated | 2026-07-17 20:17:23 UTC |
| Description | IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 and IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 could allow an attacker with read-only privileges to make unauthorized modifications and deployments outside of their assigned permissions. |
Risk And Classification
Primary CVSS: v3.1 6.5 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Problem Types: CWE-863 | CWE-863 CWE-863 Incorrect Authorization
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| 3.1 | CNA | CVSS | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
CVSS v3.1 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | IBM | Verify Identity Access | affected 11.0 11.0.2 semver | Not specified |
| CNA | IBM | Security Verify Access | affected 10.0 10.0.9.1 semver | Not specified |
| CNA | IBM | Verify Identity Access Container | affected 11.0 11.0.2 semver | Not specified |
| CNA | IBM | Security Verify Access Container | affected 10.0 10.0.9.1 semver | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.ibm.com/support/pages/node/7279510 | [email protected] | www.ibm.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Additional Advisory Data
Solutions
CNA: IBM encourages customers to update their systems promptly. Appliance: Affected Products and Versions Fix availability IBM Verify Identity Access 11.0 - 11.0.2 Download IBM Verify Identity Access v11.0.3 https://www.ibm.com/support/pages/download-ibm-verify-identity-access-v1103 IBM Security Verify Access 10.0 0 - 10.0.9.1 Download IBM Security Verify Access v10.0.9.2 https://www.ibm.com/support/fixcentral/quickorder Container: Container Download https://docs.verify.ibm.com/ibm-security-verify-access/docs/containers