
IBM Verify Access Critical Flaws Allow Admin Access and Code Execution

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 31st, 2026
Detected April 1st, 2026

Summary

CERT-Bund issued advisory WID-SEC-2026-0949 identifying multiple critical vulnerabilities in IBM Security Verify Access (versions prior to 10.0.9.1 IF1) with a CVSS Base Score of 9.8. The flaws allow remote attackers to gain administrator privileges, execute arbitrary code, bypass security controls, perform cross-site scripting attacks, and modify or disclose data. A mitigation is available.

What changed

CERT-Bund disclosed critical vulnerabilities in IBM Security Verify Access affecting versions below 10.0.9.1 IF1 across UNIX, Windows, and other platforms. The vulnerabilities carry a CVSS Base Score of 9.8 (Critical) and Temporal Score of 8.5 (High), enabling complete system compromise through administrator privilege escalation and arbitrary code execution.

Organizations using IBM Security Verify Access must immediately verify their installed version and apply available mitigations or patches. Given the critical severity and remote attack vector, affected entities should treat this as a priority security incident and implement remediation without delay.

What to do next

  1. Identify all deployments of IBM Security Verify Access in the environment and verify current version numbers
  2. Upgrade to version 10.0.9.1 IF1 or later immediately if running an affected version
  3. Review access logs for signs of exploitation, given the critical severity and the fact that the flaws are remotely exploitable

Source document (simplified)

[WID-SEC-2026-0949] IBM Security Verify Access: Multiple vulnerabilities

  • CVSS Base Score: 9.8 (critical)
  • CVSS Temporal Score: 8.5 (high)
  • Remote attack: yes
  • Date: 31.03.2026
  • Updated: 01.04.2026
  • Mitigation: yes

Affected systems

Operating system

  • Other
  • UNIX
  • Windows

Product description

IBM Security Verify Access, formerly IBM Security Access Manager (ISAM), is an access management solution.

Products

31.03.2026
- IBM Security Verify Access <10.0.9.1 IF1

Attack

An attacker can exploit multiple vulnerabilities in IBM Security Verify Access to gain administrator privileges, execute arbitrary code, bypass security measures, carry out cross-site scripting attacks, and modify or disclose data.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

  • Agency: CERT-Bund
  • Published: March 31st, 2026
  • Instrument: Notice
  • Legal weight: Non-binding
  • Stage: Final
  • Change scope: Substantive
  • Document ID: WID-SEC-2026-0949

Who this affects

  • Applies to: Technology companies, Government agencies
  • Industry sector: 5112 Software & Technology
  • Activity scope: Vulnerability Management, Access Control, Remote Authentication
  • Threshold: IBM Security Verify Access < 10.0.9.1 IF1
  • Geographic scope: Germany (DE)

Taxonomy

  • Primary area: Cybersecurity
  • Operational domain: IT Security
  • Compliance frameworks: NIST CSF, NIST 800-53
  • Topics: Data Privacy, Network Security
