8011 vulnerabilities by IBM
CVE-2026-1726 (GCVE-0-2026-1726)
Vulnerability from cvelistv5 – Published: 2026-04-22 23:42 – Updated: 2026-04-23 12:57
Title
Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager
Summary
IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1
Severity
4.8 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Guardium Key Lifecycle Manager | Affected: 4.1.0 (semver) Affected: 4.1.1 (semver) Affected: 4.2.0 (semver) Affected: 4.2.1 (semver) Affected: 5.0.0 (semver) Affected: 5.1.0 (semver) cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-1726",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T12:57:21.810623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T12:57:25.129Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1.0:*:*:*:*:*:*:*"
],
"product": "Guardium Key Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.1.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.2.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1\u003c/p\u003e"
}
],
"value": "IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T23:42:05.901Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7268697"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cstrong\u003eIBM encourages customers to update their systems promptly.\u00a0\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003ePrincipal Product and Version(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fixes\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v4.1\u003c/td\u003e\u003ctd\u003e\u003cp\u003e1. Download IBM Guardium Key Lifecycle Manager\u00a0\u003ca href=\"https://www.ibm.com/software/passportadvantage/pao-customer\" rel=\"nofollow\"\u003e(GKLM) v5.1\u003c/a\u003e (the product is available for download through\u003ca href=\"https://www.ibm.com/software/passportadvantage/pao-customer\" rel=\"nofollow\"\u003e IBM Passport Advantage)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e2. Apply \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Tivoli+Key+Lifecycle+Manager\u0026amp;fixids=5.1.0-ISS-GKLM-FP0001\u0026amp;source=SAR\u0026amp;function=fixId\u0026amp;parent=IBM%20Security\" rel=\"nofollow\"\u003e5.1.0-ISS-GKLM-FP0001\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v4.1.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v4.2\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v4.2.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v5.0\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v5.1\u003c/td\u003e\u003ctd\u003eApply \u003ca 
href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Tivoli+Key+Lifecycle+Manager\u0026amp;fixids=5.1.0-ISS-GKLM-FP0001\u0026amp;source=SAR\u0026amp;function=fixId\u0026amp;parent=IBM%20Security\" rel=\"nofollow\"\u003e5.1.0-ISS-GKLM-FP0001\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003eDownload instruction -\u00a0\u003ca href=\"https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\u00a0\n\nPrincipal Product and Version(s)Remediation/FixesIBM Guardium Key Lifecycle Manager (GKLM) v4.11. Download IBM Guardium Key Lifecycle Manager\u00a0 https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions"
}
],
"title": "Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-1726",
"datePublished": "2026-04-22T23:42:05.901Z",
"dateReserved": "2026-01-30T22:03:35.181Z",
"dateUpdated": "2026-04-23T12:57:25.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36074 (GCVE-0-2025-36074)
Vulnerability from cvelistv5 – Published: 2026-04-22 23:39 – Updated: 2026-04-23 14:35
Title
Security vulnerability has been detected in IBM Security Verify Directory
Summary
IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against the system.
Severity
5.5 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Security Verify Directory (Container) | Affected: 10.0.0, ≤ 10.0.0.3 (semver) cpe:2.3:a:ibm:security_verify_directory_container:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_directory_container:10.0.0.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36074",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T14:35:10.553484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T14:35:26.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_directory_container:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_directory_container:10.0.0.3:*:*:*:*:*:*:*"
],
"product": "Security Verify Directory (Container)",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.0.3",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against the system.\u003c/p\u003e"
}
],
"value": "IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T23:39:34.598Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7268907"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cstrong\u003eIBM strongly encourages customers to update their systems promptly.\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAffected Version(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Security Verify Directory (Container)\u003c/td\u003e\u003ctd\u003e10.0.0-10.0.3\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/ibm-security-verify-directory-version-10040-download-document\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/ibm-security-verify-directory-version-10040-download-document\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "IBM strongly encourages customers to update their systems promptly.\n\nProduct(s)Affected Version(s)FixIBM Security Verify Directory (Container)10.0.0-10.0.3 https://www.ibm.com/support/pages/ibm-security-verify-directory-version-10040-download-document"
}
],
"title": "Security vulnerability has been detected in IBM Security Verify Directory",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36074",
"datePublished": "2026-04-22T23:39:34.598Z",
"dateReserved": "2025-04-15T21:16:13.121Z",
"dateUpdated": "2026-04-23T14:35:26.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5926 (GCVE-0-2026-5926)
Vulnerability from cvelistv5 – Published: 2026-04-22 23:38 – Updated: 2026-04-23 12:49
Title
Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
Summary
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Severity
6.5 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Verify Identity Access Container | Affected: 11.0, ≤ 11.0.2 (semver) cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T12:49:48.620762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T12:49:52.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*"
],
"product": "Verify Identity Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*"
],
"product": "Security Verify Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.1",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*"
],
"product": "Verify Identity Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*"
],
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.1",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.\u003c/p\u003e"
}
],
"value": "IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T23:39:07.336Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7269372"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cstrong\u003eIBM encourages customers to update their systems promptly.\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAppliance:\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eAffected Products and Versions\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eFix availability\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Verify Identity Access 11.0 - 11.0.2\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security\u0026amp;product=ibm/Tivoli/IBM+Verify+Identity+Access\u0026amp;release=11.0.2.0\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=11.0.2.0-ISS-IVIA-IF0001+\u0026amp;includeSupersedes=0\" rel=\"nofollow\"\u003eDownload IBM Verify Identity Access v11.0.2 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Security Verify Access 10.0.0 - 10.0.9.1\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security\u0026amp;product=ibm/Tivoli/IBM+Security+Verify+Access\u0026amp;release=10.0.9.1\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=10.0.9.1-ISS-ISVA-IF0001+\u0026amp;includeSupersedes=0\" rel=\"nofollow\"\u003eDownload IBM Security Verify Access v10.0.9.1 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/thead\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eContainer:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://docs.verify.ibm.com/ibm-security-verify-access/docs/containers\" rel=\"nofollow\"\u003eContainer Download\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.Appliance:Affected Products and VersionsFix availabilityIBM Verify Identity Access 11.0 - 11.0.2Download IBM Verify Identity Access v11.0.2 IF1IBM Security Verify Access 10.0.0 - 10.0.9.1Download IBM Security Verify Access v10.0.9.1 IF1Container:Container Download"
}
],
"title": "Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-5926",
"datePublished": "2026-04-22T23:38:46.689Z",
"dateReserved": "2026-04-08T22:30:44.020Z",
"dateUpdated": "2026-04-23T12:49:52.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1352 (GCVE-0-2026-1352)
Vulnerability from cvelistv5 – Published: 2026-04-22 23:37 – Updated: 2026-04-23 13:57
Title
IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index
Summary
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.
Severity
6.5 (Medium)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1352",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T13:57:26.724539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:57:34.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
],
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.4",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an\u0026nbsp;authenticated user to cause a denial of service due to improper neutralization of special\u0026nbsp;elements in data query logic.\u003c/p\u003e"
}
],
"value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an\u00a0authenticated user to cause a denial of service due to improper neutralization of special\u00a0elements in data query logic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T23:37:41.981Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7269433"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000913J/dt459558\" rel=\"nofollow\"\u003eDT459558\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #79671 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000913J/dt459558\" rel=\"nofollow\"\u003eDT459558\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #80714 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" 
rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
}
],
"value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\nV12.1\n\n\n\nTBD\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
}
],
"title": "IBM\u00ae Db2\u00ae is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSet the following registry variable to avoid SORT operations that are used for some JOIN optimization techniques:\u003c/p\u003e\u003cp\u003edb2set -im DB2_REDUCED_OPTIMIZATION=\"NO_SORT_NLJOIN,NO_SORT_MGJOIN\"\u003c/p\u003e"
}
],
"value": "Set the following registry variable to avoid SORT operations that are used for some JOIN optimization techniques:\n\ndb2set -im DB2_REDUCED_OPTIMIZATION=\"NO_SORT_NLJOIN,NO_SORT_MGJOIN\""
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-1352",
"datePublished": "2026-04-22T23:37:35.127Z",
"dateReserved": "2026-01-22T17:35:12.277Z",
"dateUpdated": "2026-04-23T13:57:34.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1272 (GCVE-0-2026-1272)
Vulnerability from cvelistv5 – Published: 2026-04-22 23:33 – Updated: 2026-04-23 16:23
Title
IBM Guardium Data Protection is affected by multiple vulnerabilities
Summary
IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel.
Severity
2.7 (Low)
CWE
- CWE-613 - Insufficient Session Expiration
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Guardium Data Protection | Affected: 12.0, ≤ 9.6.0 (semver) Affected: 12.1 Affected: 12.2 cpe:2.3:a:ibm:guardium_data_protection:12.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_data_protection:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_data_protection:12.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_data_protection:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_data_protection:12.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_data_protection:12.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T13:57:36.886665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T16:23:59.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:guardium_data_protection:12.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_data_protection:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_data_protection:12.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_data_protection:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_data_protection:12.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_data_protection:12.2.0:*:*:*:*:*:*:*"
],
"product": "Guardium Data Protection",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "9.6.0",
"status": "affected",
"version": "12.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "12.1"
},
{
"status": "affected",
"version": "12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel.\u003c/p\u003e"
}
],
"value": "IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T23:36:36.464Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7269445"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u003cstrong\u003eIBM encourages customers to update their systems promptly.\u003c/strong\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003e\u0026nbsp;Product\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersions\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003e\u0026nbsp;Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Data Protection\u003c/td\u003e\u003ctd\u003e12.0\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.0\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p55_Bundle\u0026amp;includeSupersedes=0\u0026amp;source=fc\" 
rel=\"nofollow\"\u003ehttps://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.0\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p55_Bundle\u0026amp;includeSupersedes=0\u0026amp;source=fc\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Data Protection\u003c/td\u003e\u003ctd\u003e12.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.1\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p140_Bundle\u0026amp;includeSupersedes=0\u0026amp;source=fc\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.1\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p140_Bundle\u0026amp;includeSupersedes=0\u0026amp;source=fc\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Data Protection\u003c/td\u003e\u003ctd\u003e12.2\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.2\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p210_GPU_Dec_2025_V12.2.1_FC\u0026amp;includeSupersedes=0\u0026amp;source=fc\" 
rel=\"nofollow\"\u003ehttps://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.2\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p210_GPU_Dec_2025_V12.2.1_FC\u0026amp;includeSupersedes=0\u0026amp;source=fc\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u00a0ProductVersions\u00a0FixIBM Guardium Data Protection12.0 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026product=ibm/Information+Management/InfoSphere+Guardium\u0026release=12.0\u0026platform=Linux\u0026function=fixId\u0026fixids=SqlGuard-12.0p55_Bundle\u0026includeSupersedes=0\u0026source=fc IBM Guardium Data Protection12.1 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026product=ibm/Information+Management/InfoSphere+Guardium\u0026release=12.1\u0026platform=Linux\u0026function=fixId\u0026fixids=SqlGuard-12.0p140_Bundle\u0026includeSupersedes=0\u0026source=fc IBM Guardium Data Protection12.2 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026product=ibm/Information+Management/InfoSphere+Guardium\u0026release=12.2\u0026platform=Linux\u0026function=fixId\u0026fixids=SqlGuard-12.0p210_GPU_Dec_2025_V12.2.1_FC\u0026includeSupersedes=0\u0026source=fc"
}
],
"title": "IBM Guardium Data Protection is affected by multiple vulnerabilities",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-1272",
"datePublished": "2026-04-22T23:33:45.499Z",
"dateReserved": "2026-01-20T21:47:46.979Z",
"dateUpdated": "2026-04-23T16:23:59.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1274 (GCVE-0-2026-1274)
Vulnerability from cvelistv5 – Published: 2026-04-22 23:30 – Updated: 2026-04-23 12:50
Title
IBM Guardium Data Protection is affected by multiple vulnerabilities
Summary
IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel.
Severity
4.9 (Medium)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
Impacted products
| Vendor | Product | Version | CPE |
|---|---|---|---|
| IBM | Guardium Data Protection | Affected: 12.0, ≤ 9.6.0 (semver); Affected: 12.1; Affected: 12.2 | cpe:2.3:a:ibm:guardium_data_protection:12.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_data_protection:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_data_protection:12.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_data_protection:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_data_protection:12.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_data_protection:12.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T12:50:16.276154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T12:50:23.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:guardium_data_protection:12.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_data_protection:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_data_protection:12.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_data_protection:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_data_protection:12.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_data_protection:12.2.0:*:*:*:*:*:*:*"
],
"product": "Guardium Data Protection",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "9.6.0",
"status": "affected",
"version": "12.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "12.1"
},
{
"status": "affected",
"version": "12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel.\u003c/p\u003e"
}
],
"value": "IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "CWE-840 Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T23:30:59.128Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7269445"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u003cstrong\u003eIBM encourages customers to update their systems promptly.\u003c/strong\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003e\u0026nbsp;Product\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersions\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003e\u0026nbsp;Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Data Protection\u003c/td\u003e\u003ctd\u003e12.0\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.0\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p55_Bundle\u0026amp;includeSupersedes=0\u0026amp;source=fc\" 
rel=\"nofollow\"\u003ehttps://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.0\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p55_Bundle\u0026amp;includeSupersedes=0\u0026amp;source=fc\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Data Protection\u003c/td\u003e\u003ctd\u003e12.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.1\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p140_Bundle\u0026amp;includeSupersedes=0\u0026amp;source=fc\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.1\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p140_Bundle\u0026amp;includeSupersedes=0\u0026amp;source=fc\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Data Protection\u003c/td\u003e\u003ctd\u003e12.2\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.2\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p210_GPU_Dec_2025_V12.2.1_FC\u0026amp;includeSupersedes=0\u0026amp;source=fc\" 
rel=\"nofollow\"\u003ehttps://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.2\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p210_GPU_Dec_2025_V12.2.1_FC\u0026amp;includeSupersedes=0\u0026amp;source=fc\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u00a0ProductVersions\u00a0FixIBM Guardium Data Protection12.0 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026product=ibm/Information+Management/InfoSphere+Guardium\u0026release=12.0\u0026platform=Linux\u0026function=fixId\u0026fixids=SqlGuard-12.0p55_Bundle\u0026includeSupersedes=0\u0026source=fc IBM Guardium Data Protection12.1 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026product=ibm/Information+Management/InfoSphere+Guardium\u0026release=12.1\u0026platform=Linux\u0026function=fixId\u0026fixids=SqlGuard-12.0p140_Bundle\u0026includeSupersedes=0\u0026source=fc IBM Guardium Data Protection12.2 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026product=ibm/Information+Management/InfoSphere+Guardium\u0026release=12.2\u0026platform=Linux\u0026function=fixId\u0026fixids=SqlGuard-12.0p210_GPU_Dec_2025_V12.2.1_FC\u0026includeSupersedes=0\u0026source=fc"
}
],
"title": "IBM Guardium Data Protection is affected by multiple vulnerabilities",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-1274",
"datePublished": "2026-04-22T23:30:59.128Z",
"dateReserved": "2026-01-20T21:55:55.165Z",
"dateUpdated": "2026-04-23T12:50:23.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5935 (GCVE-0-2026-5935)
Vulnerability from cvelistv5 – Published: 2026-04-22 23:30 – Updated: 2026-04-23 13:57
Title
TSSC/IMC is vulnerable to OS Command Injection
Summary
IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input.
Severity
7.3 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | CPE |
|---|---|---|---|
| IBM | Total Storage Service Console (TSSC) / TS4500 IMC | Affected: 9.2.0, ≤ 9.6.0 (semver) | cpe:2.3:a:ibm:total_storage_service_console_tssc__ts4500_imc:9.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:total_storage_service_console_tssc__ts4500_imc:9.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T13:57:07.349653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:57:14.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:total_storage_service_console_tssc__ts4500_imc:9.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:total_storage_service_console_tssc__ts4500_imc:9.2.0:*:*:*:*:*:*:*"
],
"product": "Total Storage Service Console (TSSC) / TS4500 IMC",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "9.6.0",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC\u0026nbsp;could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input.\u003c/p\u003e"
}
],
"value": "IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC\u00a0could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T23:30:08.449Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7270127"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product(s)\u003c/td\u003e\u003ctd\u003eVersion(s)\u003c/td\u003e\u003ctd\u003eRemediation/Fix/Instructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTotal Storage Service Console (TSSC) / TS4500 IMC\u003c/td\u003e\u003ctd\u003e9.4.14, 9.4.21, 9.4.26, 9.6.10, 9.5.8,\u003c/td\u003e\u003ctd\u003e\u003cp\u003eUpgrade to 9.4.31/9.6.15\u003c/p\u003e\u003cp\u003eDownload patch 9.X.X_FixOSCommandInjection_2026-04-06 or 9.X.X_FixOSCommandInjection_2026-04-06 and execute on TSSC/IMC system.\u003c/p\u003e\u003cp\u003ePlease see instructions below.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTotal Storage Service Console (TSSC) / TS4500 IMC\u003c/td\u003e\u003ctd\u003e9.4.31,\u0026nbsp; 9.6.15\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDownload patch 9.X.X_FixOSCommandInjection_2026-04-06 or 9.X.X_FixOSCommandInjection_2026-04-06 and execute on TSSC/IMC system.\u003c/p\u003e\u003cp\u003ePlease see instructions below.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003eFor information on how to download the patch please refer to the following page:\u0026nbsp;\u003ca href=\"https://www.ibm.com/docs/en/tssc?topic=acquisition-available-updates\" rel=\"nofollow\"\u003eAvailable Updates\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Affected Product(s)Version(s)Remediation/Fix/InstructionsTotal Storage Service Console (TSSC) / TS4500 IMC9.4.14, 9.4.21, 9.4.26, 9.6.10, 9.5.8,Upgrade to 9.4.31/9.6.15\n\nDownload patch 9.X.X_FixOSCommandInjection_2026-04-06 or 9.X.X_FixOSCommandInjection_2026-04-06 and execute on TSSC/IMC system.\n\nPlease see instructions below.\n\nTotal Storage Service Console (TSSC) / TS4500 IMC9.4.31,\u00a0 9.6.15Download patch 9.X.X_FixOSCommandInjection_2026-04-06 or 9.X.X_FixOSCommandInjection_2026-04-06 and execute on TSSC/IMC system.\n\nPlease see instructions below.\n\n\n\n\n\nFor information on how to download the patch please refer to the following page:\u00a0 Available Updates https://www.ibm.com/docs/en/tssc"
}
],
"title": "TSSC/IMC is vulnerable to OS Command Injection",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-5935",
"datePublished": "2026-04-22T23:30:08.449Z",
"dateReserved": "2026-04-09T00:42:21.168Z",
"dateUpdated": "2026-04-23T13:57:14.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4917 (GCVE-0-2026-4917)
Vulnerability from cvelistv5 – Published: 2026-04-22 23:27 – Updated: 2026-04-23 16:24
Title
IBM Guardium Data Protection is affected by multiple vulnerabilities
Summary
IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.
Severity
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | CPE |
|---|---|---|---|
| IBM | Guardium Data Protection | Affected: 12.1 (semver) | cpe:2.3:a:ibm:guardium_data_protection:12.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_data_protection:12.1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T14:04:33.173631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T16:24:06.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:guardium_data_protection:12.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_data_protection:12.1.0:*:*:*:*:*:*:*"
],
"product": "Guardium Data Protection",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "12.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "benjamin.dixon.vaca8k@statefarm.com, benjamin.dixon.vaca8k@statefarm.com, benjamin.dixon.vaca8k@statefarm.com"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to write arbitrary files on the system.\u003c/p\u003e"
}
],
"value": "IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to write arbitrary files on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T23:27:45.961Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7270422"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u003cstrong\u003eIBM encourages customers to update their systems promptly.\u003c/strong\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003e\u0026nbsp;Product\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersions\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003e\u0026nbsp;Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Data Protection\u003c/td\u003e\u003ctd\u003e12.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.1\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p140_Bundle\u0026amp;includeSupersedes=0\u0026amp;source=fc\" 
rel=\"nofollow\"\u003ehttps://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.1\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p140_Bundle\u0026amp;includeSupersedes=0\u0026amp;source=fc\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\u00a0ProductVersions\u00a0FixIBM Guardium Data Protection12.1https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.1\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p140_Bundle\u0026amp;includeSupersedes=0\u0026amp;source=fc"
}
],
"title": "IBM Guardium Data Protection is affected by multiple vulnerabilities",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-4917",
"datePublished": "2026-04-22T23:27:45.961Z",
"dateReserved": "2026-03-26T17:42:57.635Z",
"dateUpdated": "2026-04-23T16:24:06.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4918 (GCVE-0-2026-4918)
Vulnerability from cvelistv5 – Published: 2026-04-22 23:26 – Updated: 2026-04-23 12:50
Title
IBM Guardium Data Protection is affected by multiple vulnerabilities
Summary
IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity
5.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | CPE |
|---|---|---|---|
| IBM | Guardium Data Protection | Affected: 12.1.0 (semver) | cpe:2.3:a:ibm:guardium_data_protection:12.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_data_protection:12.1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T12:50:49.171124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T12:50:59.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:guardium_data_protection:12.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_data_protection:12.1.0:*:*:*:*:*:*:*"
],
"product": "Guardium Data Protection",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "benjamin.dixon.vaca8k@statefarm.com, benjamin.dixon.vaca8k@statefarm.com, benjamin.dixon.vaca8k@statefarm.com"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
}
],
"value": "IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T23:26:38.626Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7270422"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u003cstrong\u003eIBM encourages customers to update their systems promptly.\u003c/strong\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003e\u0026nbsp;Product\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersions\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003e\u0026nbsp;Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Data Protection\u003c/td\u003e\u003ctd\u003e12.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.1\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p140_Bundle\u0026amp;includeSupersedes=0\u0026amp;source=fc\" 
rel=\"nofollow\"\u003ehttps://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.1\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p140_Bundle\u0026amp;includeSupersedes=0\u0026amp;source=fc\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u00a0ProductVersions\u00a0FixIBM Guardium Data Protection12.1 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026product=ibm/Information+Management/InfoSphere+Guardium\u0026release=12.1\u0026platform=Linux\u0026function=fixId\u0026fixids=SqlGuard-12.0p140_Bundle\u0026includeSupersedes=0\u0026source=fc"
}
],
"title": "IBM Guardium Data Protection is affected by multiple vulnerabilities",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-4918",
"datePublished": "2026-04-22T23:26:38.626Z",
"dateReserved": "2026-03-26T17:42:59.745Z",
"dateUpdated": "2026-04-23T12:50:59.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4919 (GCVE-0-2026-4919)
Vulnerability from cvelistv5 – Published: 2026-04-22 23:23 – Updated: 2026-04-23 13:56
Title
IBM Guardium Data Protection is affected by multiple vulnerabilities
Summary
IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Guardium Data Protection | Affected: 12.1, ≤ 26.0.0.4 (semver); cpe:2.3:a:ibm:guardium_data_protection:12.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_data_protection:12.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T13:56:37.721296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:56:47.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:guardium_data_protection:12.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_data_protection:12.1.0:*:*:*:*:*:*:*"
],
"product": "Guardium Data Protection",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "26.0.0.4",
"status": "affected",
"version": "12.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "benjamin.dixon.vaca8k@statefarm.com, benjamin.dixon.vaca8k@statefarm.com, benjamin.dixon.vaca8k@statefarm.com"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
}
],
"value": "IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T23:23:34.961Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7270422"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u003cstrong\u003eIBM encourages customers to update their systems promptly.\u003c/strong\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003e\u0026nbsp;Product\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersions\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003e\u0026nbsp;Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Data Protection\u003c/td\u003e\u003ctd\u003e12.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.1\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p140_Bundle\u0026amp;includeSupersedes=0\u0026amp;source=fc\" 
rel=\"nofollow\"\u003ehttps://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Information+Management/InfoSphere+Guardium\u0026amp;release=12.1\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=SqlGuard-12.0p140_Bundle\u0026amp;includeSupersedes=0\u0026amp;source=fc\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u00a0ProductVersions\u00a0FixIBM Guardium Data Protection12.1 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026product=ibm/Information+Management/InfoSphere+Guardium\u0026release=12.1\u0026platform=Linux\u0026function=fixId\u0026fixids=SqlGuard-12.0p140_Bundle\u0026includeSupersedes=0\u0026source=fc"
}
],
"title": "IBM Guardium Data Protection is affected by multiple vulnerabilities",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-4919",
"datePublished": "2026-04-22T23:23:34.961Z",
"dateReserved": "2026-03-26T17:43:00.577Z",
"dateUpdated": "2026-04-23T13:56:47.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3621 (GCVE-0-2026-3621)
Vulnerability from cvelistv5 – Published: 2026-04-22 23:07 – Updated: 2026-04-23 16:24
Title
IBM WebSphere Application Server Liberty is affected by identity spoofing
Summary
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured.
Severity
7.5 (High)
CWE
- CWE-269 - Improper Privilege Management
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | WebSphere Application Server - Liberty | Affected: 17.0.0.3, ≤ 26.0.0.4 (semver); cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.4:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3621",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T13:51:42.101697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T16:24:19.180Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.4:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server - Liberty",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "26.0.0.4",
"status": "affected",
"version": "17.0.0.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T23:07:31.595Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7270437"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH70352. IBM WebSphere Application Server Liberty is affected by identity spoofing only when the appSecurity feature (appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0) is\u00a0\u003cstrong\u003enot enabled\u003c/strong\u003e on the server. To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to \u003ca href=\"https://www.ibm.com/support/pages/node/6553910\" rel=\"nofollow\"\u003eHow to determine if Liberty is using a specific feature\u003c/a\u003e.\u00a0\u003cbr/\u003e\u003cbr/\u003e\u003cstrong\u003eFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.4:\u003c/strong\u003e\u003cbr/\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7270436\" rel=\"nofollow\"\u003ePH70352\u003c/a\u003e\u003cbr/\u003e--OR--\u003cbr/\u003e\u00b7 Apply Liberty Fix Pack 26.0.0.5 or later (targeted availability 2Q2026).\u00a0\u003cbr/\u003e\u003cbr/\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH70352. IBM WebSphere Application Server Liberty is affected by identity spoofing only when the appSecurity feature (appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0) is\u00a0not enabled on the server. To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to How to determine if Liberty is using a specific feature https://www.ibm.com/support/pages/node/6553910 .\u00a0\n\nFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.4:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH70352 https://www.ibm.com/support/pages/node/7270436 \n--OR--\n\u00b7 Apply Liberty Fix Pack 26.0.0.5 or later (targeted availability 2Q2026).\u00a0\n\nAdditional interim fixes may be available and linked off the interim fix download page."
}
],
"title": "IBM WebSphere Application Server Liberty is affected by identity spoofing",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-3621",
"datePublished": "2026-04-22T23:07:31.595Z",
"dateReserved": "2026-03-05T21:53:23.170Z",
"dateUpdated": "2026-04-23T16:24:19.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4788 (GCVE-0-2026-4788)
Vulnerability from cvelistv5 – Published: 2026-04-08 00:20 – Updated: 2026-04-09 03:56
Title
Multiple Vulnerabilities affect IBM Tivoli Netcool Impact
Summary
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.
Severity
8.4 (High)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Netcool Impact | Affected: 7.1.0.0, ≤ 7.1.0.37 (semver); cpe:2.3:a:ibm:tivoli_netcool_impact:7.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:tivoli_netcool_impact:7.1.0.37:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T03:56:00.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_netcool_impact:7.1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_netcool_impact:7.1.0.37:*:*:*:*:*:*:*"
],
"product": "Tivoli Netcool Impact",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.1.0.37",
"status": "affected",
"version": "7.1.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.\u003c/p\u003e"
}
],
"value": "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T00:20:03.695Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7268267"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerability now by upgrading to 7.1.0 FP38\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVRMF\u003c/td\u003e\u003ctd\u003eRemediation\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Tivoli Netcool Impact\u003c/td\u003e\u003ctd\u003e7.1.0.38\u003c/td\u003e\u003ctd\u003eUpgrade to \u003ca href=\"https://www.ibm.com/support/pages/node/7184732\" rel=\"nofollow\"\u003eIBM Tivoli Netcool Impact 7.1.0 Fix Pack 38\u003c/a\u003e or later.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 7.1.0 FP38\n\nProductVRMFRemediationIBM Tivoli Netcool Impact7.1.0.38Upgrade to IBM Tivoli Netcool Impact 7.1.0 Fix Pack 38 https://www.ibm.com/support/pages/node/7184732 or later."
}
],
"title": "Multiple Vulnerabilities affect IBM Tivoli Netcool Impact",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-4788",
"datePublished": "2026-04-08T00:20:03.695Z",
"dateReserved": "2026-03-24T19:37:42.923Z",
"dateUpdated": "2026-04-09T03:56:00.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3357 (GCVE-0-2026-3357)
Vulnerability from cvelistv5 – Published: 2026-04-08 00:19 – Updated: 2026-04-08 15:41
Title
IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file
Summary
IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.
Severity
8.8 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Langflow Desktop | Affected: 1.6.0, ≤ 1.8.2 (semver); cpe:2.3:a:ibm:langflow_desktop:1.6.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:langflow_desktop:1.8.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T15:41:44.331099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T15:41:55.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:langflow_desktop:1.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:langflow_desktop:1.8.2:*:*:*:*:*:*:*"
],
"product": "Langflow Desktop",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.8.2",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability was reported to IBM by Weblover."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.\u003c/p\u003e"
}
],
"value": "IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T00:19:11.414Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7268428"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM recommends addressing the vulnerability now by upgrading to IBM Langflow Desktop 1.8.3 or newer\u0026nbsp;\u003ca href=\"https://www.langflow.org/blog/langflow-1-8-desktop\" rel=\"nofollow\"\u003ehttps://www.langflow.org/blog/langflow-1-8-desktop\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIf you are already using Langflow Desktop, upgrade in the application to version 1.8.3\u003c/p\u003e\u003cp\u003eTo install Langflow Desktop for the first time, visit \u003ca href=\"https://langflow.org/desktop\" rel=\"nofollow\"\u003eDownload Langflow Desktop\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "IBM recommends addressing the vulnerability now by upgrading to IBM Langflow Desktop 1.8.3 or newer\u00a0 https://www.langflow.org/blog/langflow-1-8-desktop \n\nIf you are already using Langflow Desktop, upgrade in the application to version 1.8.3\n\nTo install Langflow Desktop for the first time, visit Download Langflow Desktop https://langflow.org/desktop ."
}
],
"title": "IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-3357",
"datePublished": "2026-04-08T00:19:11.414Z",
"dateReserved": "2026-02-27T18:17:58.431Z",
"dateUpdated": "2026-04-08T15:41:55.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1346 (GCVE-0-2026-1346)
Vulnerability from cvelistv5 – Published: 2026-04-08 00:15 – Updated: 2026-04-09 03:55
Title
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
Summary
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate their privileges to root due to execution with unnecessary privileges than required.
Severity
9.3 (Critical)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Verify Identity Access Container | Affected: 11.0, ≤ 11.0.2 (semver); cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T03:55:59.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*"
],
"product": "Verify Identity Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*"
],
"product": "Security Verify Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.1",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*"
],
"product": "Verify Identity Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*"
],
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.1",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate their privileges to root due to execution with unnecessary privileges than required.\u003c/p\u003e"
}
],
"value": "IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate their privileges to root due to execution with unnecessary privileges than required."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T00:15:23.663Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7268253"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cstrong\u003eIBM encourages customers to update their systems promptly.\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAppliance:\u00a0\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eAffected Products and Versions\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eFix availability\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Verify Identity Access 11.0 - 11.0.2\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Verify+Identity+Access\u0026amp;fixids=11.0.2.0-ISS-IVIA-IF0001\u0026amp;source=SAR\" rel=\"nofollow\"\u003eDownload IBM Verify Identity Access v11.0.2 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Security Verify Access 10.0 - 10.0.9.1\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Security+Verify+Access\u0026amp;fixids=10.0.9.1-ISS-ISVA-IF0001\u0026amp;source=SAR\" rel=\"nofollow\"\u003eDownload IBM Security Verify Access v10.0.9.1 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/thead\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eContainer:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://docs.verify.ibm.com/ibm-security-verify-access/docs/containers\" rel=\"nofollow\"\u003eContainer Download\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\n\n\nAppliance:\u00a0\n\nAffected Products and Versions\n\nFix availability\n\nIBM Verify Identity Access 11.0 - 11.0.2\n\n Download IBM Verify Identity Access v11.0.2 IF1 https://www.ibm.com/support/fixcentral/quickorder \n\nIBM Security Verify Access 10.0 - 10.0.9.1\n\n Download IBM Security Verify Access v10.0.9.1 IF1 https://www.ibm.com/support/fixcentral/quickorder \n\n\n\n\n\nContainer:\n\n Container Download https://docs.verify.ibm.com/ibm-security-verify-access/docs/containers"
}
],
"title": "Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-1346",
"datePublished": "2026-04-08T00:15:23.663Z",
"dateReserved": "2026-01-22T16:31:45.579Z",
"dateUpdated": "2026-04-09T03:55:59.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1343 (GCVE-0-2026-1343)
Vulnerability from cvelistv5 – Published: 2026-04-08 00:10 – Updated: 2026-04-08 16:14
Title
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
Summary
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are protected by the Reverse Proxy.
Severity
7.2 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Verify Identity Access Container | Affected: 11.0, ≤ 11.0.2 (semver) cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T15:44:04.946640Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:14:21.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*"
],
"product": "Verify Identity Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*"
],
"product": "Security Verify Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.1",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*"
],
"product": "Verify Identity Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*"
],
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.1",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are protected by the Reverse Proxy.\u003c/p\u003e"
}
],
"value": "IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are protected by the Reverse Proxy."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T00:10:18.572Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7268253"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cstrong\u003eIBM encourages customers to update their systems promptly.\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAppliance:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eAffected Products and Versions\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eFix availability\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Verify Identity Access 11.0 - 11.0.2\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Verify+Identity+Access\u0026amp;fixids=11.0.2.0-ISS-IVIA-IF0001\u0026amp;source=SAR\" rel=\"nofollow\"\u003eDownload IBM Verify Identity Access v11.0.2 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Security Verify Access 10.0 - 10.0.9.1\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Security+Verify+Access\u0026amp;fixids=10.0.9.1-ISS-ISVA-IF0001\u0026amp;source=SAR\" rel=\"nofollow\"\u003eDownload IBM Security Verify Access v10.0.9.1 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/thead\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eContainer:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://docs.verify.ibm.com/ibm-security-verify-access/docs/containers\" rel=\"nofollow\"\u003eContainer Download\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\n\n\nAppliance:\u00a0\n\nAffected Products and Versions\n\nFix availability\n\nIBM Verify Identity Access 11.0 - 11.0.2\n\n Download IBM Verify Identity Access v11.0.2 IF1 https://www.ibm.com/support/fixcentral/quickorder \n\nIBM Security Verify Access 10.0 - 10.0.9.1\n\n Download IBM Security Verify Access v10.0.9.1 IF1 https://www.ibm.com/support/fixcentral/quickorder \n\n\n\n\n\nContainer:\n\n Container Download https://docs.verify.ibm.com/ibm-security-verify-access/docs/containers"
}
],
"title": "Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-1343",
"datePublished": "2026-04-08T00:10:18.572Z",
"dateReserved": "2026-01-22T15:42:45.227Z",
"dateUpdated": "2026-04-08T16:14:21.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1342 (GCVE-0-2026-1342)
Vulnerability from cvelistv5 – Published: 2026-04-07 23:21 – Updated: 2026-04-08 14:24
Title
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
Summary
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.
Severity
8.5 (High)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Verify Identity Access Container | Affected: 11.0, ≤ 11.0.2 (semver) cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T14:23:55.477694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T14:24:08.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*"
],
"product": "Verify Identity Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*"
],
"product": "Security Verify Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.1",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*"
],
"product": "Verify Identity Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*"
],
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.1",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.\u003c/p\u003e"
}
],
"value": "IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T23:27:25.108Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7268253"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cstrong\u003e\u003cbr\u003eIBM encourages customers to update their systems promptly.\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAppliance:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eAffected Products and Versions\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eFix availability\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Verify Identity Access 11.0 - 11.0.2\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Verify+Identity+Access\u0026amp;fixids=11.0.2.0-ISS-IVIA-IF0001\u0026amp;source=SAR\" rel=\"nofollow\"\u003eDownload IBM Verify Identity Access v11.0.2 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Security Verify Access 10.0 - 10.0.9.1\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Security+Verify+Access\u0026amp;fixids=10.0.9.1-ISS-ISVA-IF0001\u0026amp;source=SAR\" rel=\"nofollow\"\u003eDownload IBM Security Verify Access v10.0.9.1 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/thead\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eContainer:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://docs.verify.ibm.com/ibm-security-verify-access/docs/containers\" rel=\"nofollow\"\u003eContainer Download\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\n\u00a0\n\nAppliance:\u00a0\n\nAffected Products and Versions\n\nFix availability\n\nIBM Verify Identity Access 11.0 - 11.0.2\n\n Download IBM Verify Identity Access v11.0.2 IF1 https://www.ibm.com/support/fixcentral/quickorder \n\nIBM Security Verify Access 10.0 - 10.0.9.1\n\n Download IBM Security Verify Access v10.0.9.1 IF1 https://www.ibm.com/support/fixcentral/quickorder \n\n\n\n\u00a0\n\nContainer:\n\n Container Download https://docs.verify.ibm.com/ibm-security-verify-access/docs/containers"
}
],
"title": "Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNone\u003c/p\u003e\u003cp\u003eNone\u003c/p\u003e"
}
],
"value": "None\n\nNone"
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-1342",
"datePublished": "2026-04-07T23:21:17.074Z",
"dateReserved": "2026-01-22T15:34:08.326Z",
"dateUpdated": "2026-04-08T14:24:08.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13044 (GCVE-0-2025-13044)
Vulnerability from cvelistv5 – Published: 2026-04-07 01:07 – Updated: 2026-04-07 16:24
Title
Multiple Vulnerabilities in IBM Concert Software
Summary
IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.
Severity
6.2 (Medium)
CWE
- CWE-340 - Generation of Predictable Numbers or Identifiers
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T16:24:46.603148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T16:24:57.410Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:concert:2.2.0:*:*:*:*:*:*:*"
],
"product": "Concert",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.2.0",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.\u003c/p\u003e"
}
],
"value": "IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340 Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T01:07:38.740Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7268620"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.3.1 Download IBM Concert Software 2.3.1 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment.\u003c/p\u003e\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.3.1\u003c/p\u003e\u003cp\u003eDownload IBM Concert Software 2.3.1 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.3.1 Download IBM Concert Software 2.3.1 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment.\n\nIBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.3.1\n\nDownload IBM Concert Software 2.3.1 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment."
}
],
"title": "Multiple Vulnerabilities in IBM Concert Software",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNone\u003c/p\u003e\u003cp\u003eNone\u003c/p\u003e"
}
],
"value": "None\n\nNone"
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13044",
"datePublished": "2026-04-07T01:07:38.740Z",
"dateReserved": "2025-11-11T22:42:06.302Z",
"dateUpdated": "2026-04-07T16:24:57.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66487 (GCVE-0-2025-66487)
Vulnerability from cvelistv5 – Published: 2026-04-01 23:04 – Updated: 2026-04-02 13:32
Title
Multiple vulnerabilities have been addressed in IBM Aspera Shares
Summary
IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.
Severity
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Aspera Shares | Affected: 1.9.9, ≤ 1.11.0 (semver) cpe:2.3:a:ibm:aspera_shares:1.9.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_shares:1.11.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T13:26:08.899882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T13:32:28.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_shares:1.9.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_shares:1.11.0:*:*:*:*:*:*:*"
],
"product": "Aspera Shares",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.11.0",
"status": "affected",
"version": "1.9.9",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.\u003c/p\u003e"
}
],
"value": "IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T23:04:18.779Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7267848"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Shares\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e1.11.1\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eWindows\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Aspera+Shares\u0026amp;release=1.11.1\u0026amp;platform=Windows\u0026amp;function=all\" rel=\"nofollow\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Shares\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e1.11.1\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Aspera+Shares\u0026amp;release=1.11.1\u0026amp;platform=Linux\u0026amp;function=all\" rel=\"nofollow\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Product(s)Fixing VRMPlatformLink to FixIBM Aspera Shares1.11.1\n\nWindows click here https://www.ibm.com/support/fixcentral/swg/selectFixes IBM Aspera Shares1.11.1\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/selectFixes"
}
],
"title": "Multiple vulnerabilities have been addressed in IBM Aspera Shares",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-66487",
"datePublished": "2026-04-01T23:04:18.779Z",
"dateReserved": "2025-12-02T18:42:37.817Z",
"dateUpdated": "2026-04-02T13:32:28.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66486 (GCVE-0-2025-66486)
Vulnerability from cvelistv5 – Published: 2026-04-01 23:03 – Updated: 2026-04-03 13:56
Title
Multiple vulnerabilities have been addressed in IBM Aspera Shares
Summary
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Severity
4.8 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Aspera Shares | Affected: 1.9.9, ≤ 1.11.0 (semver) cpe:2.3:a:ibm:aspera_shares:1.9.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_shares:1.11.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T13:44:59.330335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T13:56:04.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_shares:1.9.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_shares:1.11.0:*:*:*:*:*:*:*"
],
"product": "Aspera Shares",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.11.0",
"status": "affected",
"version": "1.9.9",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site.\u003c/p\u003e"
}
],
"value": "IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T23:03:45.642Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7267848"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Shares\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e1.11.1\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eWindows\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Aspera+Shares\u0026amp;release=1.11.1\u0026amp;platform=Windows\u0026amp;function=all\" rel=\"nofollow\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Shares\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e1.11.1\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Aspera+Shares\u0026amp;release=1.11.1\u0026amp;platform=Linux\u0026amp;function=all\" rel=\"nofollow\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Product(s)Fixing VRMPlatformLink to FixIBM Aspera Shares1.11.1\n\nWindows click here https://www.ibm.com/support/fixcentral/swg/selectFixes IBM Aspera Shares1.11.1\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/selectFixes"
}
],
"title": "Multiple vulnerabilities have been addressed in IBM Aspera Shares",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-66486",
"datePublished": "2026-04-01T23:03:45.642Z",
"dateReserved": "2025-12-02T18:42:37.817Z",
"dateUpdated": "2026-04-03T13:56:04.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66485 (GCVE-0-2025-66485)
Vulnerability from cvelistv5 – Published: 2026-04-01 23:01 – Updated: 2026-04-02 18:10
Title
Multiple vulnerabilities have been addressed in IBM Aspera Shares
Summary
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
Severity
5.4 (Medium)
CWE
- CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Aspera Shares | Affected: 1.9.9, ≤ 1.11.0 (semver) cpe:2.3:a:ibm:aspera_shares:1.9.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_shares:1.11.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66485",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T18:10:16.428652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:10:25.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_shares:1.9.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_shares:1.11.0:*:*:*:*:*:*:*"
],
"product": "Aspera Shares",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.11.0",
"status": "affected",
"version": "1.9.9",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. \u0026nbsp;This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.\u003c/p\u003e"
}
],
"value": "IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. \u00a0This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-644",
"description": "CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T23:01:47.211Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7267848"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Shares\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e1.11.1\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eWindows\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Aspera+Shares\u0026amp;release=1.11.1\u0026amp;platform=Windows\u0026amp;function=all\" rel=\"nofollow\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Shares\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e1.11.1\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Aspera+Shares\u0026amp;release=1.11.1\u0026amp;platform=Linux\u0026amp;function=all\" rel=\"nofollow\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Product(s)Fixing VRMPlatformLink to FixIBM Aspera Shares1.11.1\n\nWindows click here https://www.ibm.com/support/fixcentral/swg/selectFixes IBM Aspera Shares1.11.1\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/selectFixes"
}
],
"title": "Multiple vulnerabilities have been addressed in IBM Aspera Shares",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-66485",
"datePublished": "2026-04-01T23:01:47.211Z",
"dateReserved": "2025-12-02T18:42:37.817Z",
"dateUpdated": "2026-04-02T18:10:25.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66484 (GCVE-0-2025-66484)
Vulnerability from cvelistv5 – Published: 2026-04-01 22:59 – Updated: 2026-04-02 13:49
Title
Multiple vulnerabilities have been addressed in IBM Aspera Shares
Summary
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity
5.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Aspera Shares | Affected: 1.9.9, ≤ 1.11.0 (semver) cpe:2.3:a:ibm:aspera_shares:1.9.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_shares:1.11.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66484",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T13:49:54.742011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T13:49:58.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_shares:1.9.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_shares:1.11.0:*:*:*:*:*:*:*"
],
"product": "Aspera Shares",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.11.0",
"status": "affected",
"version": "1.9.9",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
}
],
"value": "IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T23:00:17.738Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7267848"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Shares\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e1.11.1\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eWindows\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Aspera+Shares\u0026amp;release=1.11.1\u0026amp;platform=Windows\u0026amp;function=all\" rel=\"nofollow\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Shares\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e1.11.1\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Aspera+Shares\u0026amp;release=1.11.1\u0026amp;platform=Linux\u0026amp;function=all\" rel=\"nofollow\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Product(s)Fixing VRMPlatformLink to FixIBM Aspera Shares1.11.1\n\nWindows click here https://www.ibm.com/support/fixcentral/swg/selectFixes IBM Aspera Shares1.11.1\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/selectFixes"
}
],
"title": "Multiple vulnerabilities have been addressed in IBM Aspera Shares",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-66484",
"datePublished": "2026-04-01T22:59:29.254Z",
"dateReserved": "2025-12-02T18:42:37.816Z",
"dateUpdated": "2026-04-02T13:49:58.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66483 (GCVE-0-2025-66483)
Vulnerability from cvelistv5 – Published: 2026-04-01 22:56 – Updated: 2026-04-02 13:33
Title
Multiple vulnerabilities have been addressed in IBM Aspera Shares
Summary
IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.
Severity
6.3 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Aspera Shares | Affected: 1.9.9, ≤ 1.11.0 (semver) cpe:2.3:a:ibm:aspera_shares:1.9.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_shares:1.11.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T13:28:26.034596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T13:33:16.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_shares:1.9.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_shares:1.11.0:*:*:*:*:*:*:*"
],
"product": "Aspera Shares",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.11.0",
"status": "affected",
"version": "1.9.9",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.\u003c/p\u003e"
}
],
"value": "IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T22:56:38.441Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7267848"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Shares\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e1.11.1\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eWindows\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Aspera+Shares\u0026amp;release=1.11.1\u0026amp;platform=Windows\u0026amp;function=all\" rel=\"nofollow\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Shares\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e1.11.1\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Aspera+Shares\u0026amp;release=1.11.1\u0026amp;platform=Linux\u0026amp;function=all\" rel=\"nofollow\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Product(s)Fixing VRMPlatformLink to FixIBM Aspera Shares1.11.1\n\nWindows click here https://www.ibm.com/support/fixcentral/swg/selectFixes IBM Aspera Shares1.11.1\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/selectFixes"
}
],
"title": "Multiple vulnerabilities have been addressed in IBM Aspera Shares",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-66483",
"datePublished": "2026-04-01T22:56:38.441Z",
"dateReserved": "2025-12-02T18:42:37.816Z",
"dateUpdated": "2026-04-02T13:33:16.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36375 (GCVE-0-2025-36375)
Vulnerability from cvelistv5 – Published: 2026-04-01 22:50 – Updated: 2026-04-03 13:56
Title
IBM DataPower Gateway vulnerable to CSRF
Summary
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Severity
6.5 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | DataPower Gateway 10.6CD | Affected: 10.6.1.0, ≤ 10.6.5.0 (semver) cpe:2.3:a:ibm:datapower_gateway_106cd:10.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:datapower_gateway_106cd:10.6.5.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T13:45:08.878992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T13:56:04.937Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datapower_gateway_106cd:10.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datapower_gateway_106cd:10.6.5.0:*:*:*:*:*:*:*"
],
"product": "DataPower Gateway 10.6CD",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.6.5.0",
"status": "affected",
"version": "10.6.1.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:datapower_gateway_1050:10.5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datapower_gateway_1050:10.5.0.20:*:*:*:*:*:*:*"
],
"product": "DataPower Gateway 10.5.0",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.5.0.20",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:datapower_gateway_1060:10.6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datapower_gateway_1060:10.6.0.8:*:*:*:*:*:*:*"
],
"product": "DataPower Gateway 10.6.0",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.6.0.8",
"status": "affected",
"version": "10.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Acknowledgement This vulnerability was reported to IBM by Maciej W\u0142odarczyk \u0026 Micha\u0142 Bartoszuk @ STM Cyber."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.\u003c/p\u003e"
}
],
"value": "IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T22:50:51.697Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7268034"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cbr\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product(s)\u003c/td\u003e\u003ctd\u003eFixed in Version\u003c/td\u003e\u003ctd\u003eFix link\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM DataPower Gateway 10.6CD 10.6.1.0 - 10.6.5.0\u003c/td\u003e\u003ctd\u003e10.6.6.0\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/datapower-gateway/10.6.x?topic=overview-release-notes#relnotes__install__title__1\" rel=\"nofollow\"\u003eInstallation and Upgrade 10.6.x\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM DataPower Gateway 10.6.0\u0026nbsp; 10.6.0.0 - 10.6.0.8\u003c/td\u003e\u003ctd\u003e10.6.0.9\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/datapower-gateway/10.6.0?topic=overview-release-notes#relnotes__install__title__1\" rel=\"nofollow\"\u003eInstallation and Upgrade 10.6.0\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM DataPower Gateway 10.5.0\u0026nbsp; 10.5.0.0 - 10.5.0.20\u003c/td\u003e\u003ctd\u003e10.5.0.21\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/datapower-gateway/10.5.0?topic=overview-release-notes#relnotes__install__title__1\" rel=\"nofollow\"\u003eInstallation and Upgrade 10.5.0\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM strongly recommends upgrading to a fixed version\u003c/p\u003e"
}
],
"value": "Affected Product(s)Fixed in VersionFix linkIBM DataPower Gateway 10.6CD 10.6.1.0 - 10.6.5.010.6.6.0 Installation and Upgrade 10.6.x https://www.ibm.com/docs/en/datapower-gateway/10.6.x IBM DataPower Gateway 10.6.0\u00a0 10.6.0.0 - 10.6.0.810.6.0.9 Installation and Upgrade 10.6.0 https://www.ibm.com/docs/en/datapower-gateway/10.6.0 IBM DataPower Gateway 10.5.0\u00a0 10.5.0.0 - 10.5.0.2010.5.0.21 Installation and Upgrade 10.5.0 https://www.ibm.com/docs/en/datapower-gateway/10.5.0 \n\nIBM strongly recommends upgrading to a fixed version"
}
],
"title": "IBM DataPower Gateway vulnerable to CSRF",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36375",
"datePublished": "2026-04-01T22:50:51.697Z",
"dateReserved": "2025-04-15T21:16:56.325Z",
"dateUpdated": "2026-04-03T13:56:04.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2475 (GCVE-0-2026-2475)
Vulnerability from cvelistv5 – Published: 2026-04-01 20:56 – Updated: 2026-04-02 13:33
Title
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
Summary
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted request to redirect a victim to arbitrary Web sites.
Severity
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Verify Identity Access Container | Affected: 11.0, ≤ 11.0.2 (semver) cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T13:29:38.941203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T13:33:36.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*"
],
"product": "Verify Identity Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*"
],
"product": "Security Verify Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.1",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*"
],
"product": "Verify Identity Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*"
],
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.1",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted request to redirect a victim to arbitrary Web sites.\u003c/p\u003e"
}
],
"value": "IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted request to redirect a victim to arbitrary Web sites."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T20:57:50.289Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7268253"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cstrong\u003eIBM encourages customers to update their systems promptly.\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAppliance:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eAffected Products and Versions\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eFix availability\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Verify Identity Access 11.0 - 11.0.2\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Verify+Identity+Access\u0026amp;fixids=11.0.2.0-ISS-IVIA-IF0001\u0026amp;source=SAR\" rel=\"nofollow\"\u003eDownload IBM Verify Identity Access v11.0.2 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Security Verify Access 10.0 - 10.0.9.1\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Security+Verify+Access\u0026amp;fixids=10.0.9.1-ISS-ISVA-IF0001\u0026amp;source=SAR\" rel=\"nofollow\"\u003eDownload IBM Security Verify Access v10.0.9.1 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/thead\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\n\u00a0\n\nAppliance:\u00a0\n\nAffected Products and Versions\n\nFix availability\n\nIBM Verify Identity Access 11.0 - 11.0.2\n\n Download IBM Verify Identity Access v11.0.2 IF1 https://www.ibm.com/support/fixcentral/quickorder \n\nIBM Security Verify Access 10.0 - 10.0.9.1\n\n Download IBM Security Verify Access v10.0.9.1 IF1 https://www.ibm.com/support/fixcentral/quickorder"
}
],
"title": "Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-2475",
"datePublished": "2026-04-01T20:56:21.887Z",
"dateReserved": "2026-02-13T15:48:57.782Z",
"dateUpdated": "2026-04-02T13:33:36.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4820 (GCVE-0-2026-4820)
Vulnerability from cvelistv5 – Published: 2026-04-01 20:54 – Updated: 2026-04-02 15:51
Title
IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name> was not set with secure flag
Summary
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
Severity
4.3 (Medium)
CWE
- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Maximo Application Suite | Affected: 9.1.0, ≤ 10.6.5.0 (semver) Affected: 9.0 (semver) Affected: 8.11.0 (semver) Affected: 8.10 (semver) cpe:2.3:a:ibm:maximo_application_suite:9.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_application_suite:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_application_suite:9.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_application_suite:9.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_application_suite:8.11:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_application_suite:8.11.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_application_suite:8.10:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_application_suite:8.10.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4820",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T15:51:25.221671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T15:51:44.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:maximo_application_suite:9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:maximo_application_suite:9.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:maximo_application_suite:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:maximo_application_suite:9.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:maximo_application_suite:8.11:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:maximo_application_suite:8.11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:maximo_application_suite:8.10:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:maximo_application_suite:8.10.0:*:*:*:*:*:*:*"
],
"product": "Maximo Application Suite",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.6.5.0",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "9.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.11.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.10",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.\u003c/p\u003e"
}
],
"value": "IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T20:54:09.417Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7268028"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eRemediated Product(s)\u003c/td\u003e\u003ctd\u003eVersion(s)\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Maximo Application Suite\u003c/td\u003e\u003ctd\u003e9.1.8\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Maximo Application Suite\u003c/td\u003e\u003ctd\u003e9.0.19\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Maximo Application Suite\u003c/td\u003e\u003ctd\u003e8.11.30\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Maximo Application Suite\u003c/td\u003e\u003ctd\u003e8.10.33\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Remediated Product(s)Version(s)IBM Maximo Application Suite9.1.8IBM Maximo Application Suite9.0.19IBM Maximo Application Suite8.11.30IBM Maximo Application Suite8.10.33"
}
],
"title": "IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_\u003cworkspace_name\u003e was not set with secure flag",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-4820",
"datePublished": "2026-04-01T20:54:09.417Z",
"dateReserved": "2026-03-25T13:48:17.676Z",
"dateUpdated": "2026-04-02T15:51:44.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36373 (GCVE-0-2025-36373)
Vulnerability from cvelistv5 – Published: 2026-04-01 20:47 – Updated: 2026-04-02 15:49
Title
Incorrect administrative access control in IBM DataPower Gateway
Summary
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user.
Severity
4.1 (Medium)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | DataPower Gateway 10.6CD | Affected: 10.6.1.0, ≤ 10.6.5.0 (semver); CPE: `cpe:2.3:a:ibm:datapower_gateway_106cd:10.6.1.0:*:*:*:*:*:*:*`, `cpe:2.3:a:ibm:datapower_gateway_106cd:10.6.5.0:*:*:*:*:*:*:*` |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T15:48:55.294586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T15:49:19.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datapower_gateway_106cd:10.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datapower_gateway_106cd:10.6.5.0:*:*:*:*:*:*:*"
],
"product": "DataPower Gateway 10.6CD",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.6.5.0",
"status": "affected",
"version": "10.6.1.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:datapower_gateway_1050:10.5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datapower_gateway_1050:10.5.0.20:*:*:*:*:*:*:*"
],
"product": "DataPower Gateway 10.5.0",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.5.0.20",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:datapower_gateway_1060:10.6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datapower_gateway_1060:10.6.0.8:*:*:*:*:*:*:*"
],
"product": "DataPower Gateway 10.6.0",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.6.0.8",
"status": "affected",
"version": "10.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Acknowledgement This vulnerability was reported to IBM by Micha\u0142 Bartoszuk \u0026 Maciej W\u0142odarczyk @ STM Cyber."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user.\u003c/p\u003e"
}
],
"value": "IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T20:49:32.409Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7267833"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product(s)\u003c/td\u003e\u003ctd\u003eFixed in version\u003c/td\u003e\u003ctd\u003eFix list\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM DataPower Gateway 10.6CD 10.6.1.0 - 10.6.5.0\u003c/td\u003e\u003ctd\u003e10.6.6.0\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/datapower-gateway/10.6.x?topic=overview-release-notes#relnotes__install__title__1\" rel=\"nofollow\"\u003eInstallation and Upgrade 10.6.x\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM DataPower Gateway 10.5.0.0 - 10.5.0.20\u003c/td\u003e\u003ctd\u003e10.5.0.21\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/datapower-gateway/10.5.0?topic=overview-release-notes#relnotes__install__title__1\" rel=\"nofollow\"\u003eInstallation and Upgrade 10.5.0\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM DataPower Gateway 10.6.0.0 - 10.6.0.8\u003c/td\u003e\u003ctd\u003e10.6.0.9\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/datapower-gateway/10.6.0?topic=overview-release-notes#relnotes__install__title__1\" rel=\"nofollow\"\u003eInstallation and Upgrade 10.6.0\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Affected Product(s)Fixed in versionFix listIBM DataPower Gateway 10.6CD 10.6.1.0 - 10.6.5.010.6.6.0 Installation and Upgrade 10.6.x https://www.ibm.com/docs/en/datapower-gateway/10.6.x IBM DataPower Gateway 10.5.0.0 - 10.5.0.2010.5.0.21 Installation and Upgrade 10.5.0 https://www.ibm.com/docs/en/datapower-gateway/10.5.0 IBM DataPower Gateway 10.6.0.0 - 10.6.0.810.6.0.9 Installation and Upgrade 10.6.0 https://www.ibm.com/docs/en/datapower-gateway/10.6.0"
}
],
"title": "Incorrect administrative access control in IBM DataPower Gateway",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36373",
"datePublished": "2026-04-01T20:47:46.485Z",
"dateReserved": "2025-04-15T21:16:56.325Z",
"dateUpdated": "2026-04-02T15:49:19.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13916 (GCVE-0-2025-13916)
Vulnerability from cvelistv5 – Published: 2026-04-01 20:46 – Updated: 2026-04-02 14:00
Title
Multiple vulnerabilities have been addressed in IBM Aspera Shares
Summary
IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information
Severity
5.9 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Aspera Shares | Affected: 1.9.9, ≤ 1.11.0 (semver); CPE: `cpe:2.3:a:ibm:aspera_shares:1.9.9:*:*:*:*:*:*:*`, `cpe:2.3:a:ibm:aspera_shares:1.11.0:*:*:*:*:*:*:*` |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T14:00:00.694221Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T14:00:16.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_shares:1.9.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_shares:1.11.0:*:*:*:*:*:*:*"
],
"product": "Aspera Shares",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.11.0",
"status": "affected",
"version": "1.9.9",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information\u003c/p\u003e"
}
],
"value": "IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T20:46:19.519Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7267848"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Shares\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e1.11.1\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eWindows\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Aspera+Shares\u0026amp;release=1.11.1\u0026amp;platform=Windows\u0026amp;function=all\" rel=\"nofollow\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Shares\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e1.11.1\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/Aspera+Shares\u0026amp;release=1.11.1\u0026amp;platform=Linux\u0026amp;function=all\" rel=\"nofollow\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Product(s)Fixing VRMPlatformLink to FixIBM Aspera Shares1.11.1\n\nWindows click here https://www.ibm.com/support/fixcentral/swg/selectFixes IBM Aspera Shares1.11.1\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/selectFixes"
}
],
"title": "Multiple vulnerabilities have been addressed in IBM Aspera Shares",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13916",
"datePublished": "2026-04-01T20:46:05.855Z",
"dateReserved": "2025-12-02T18:42:50.665Z",
"dateUpdated": "2026-04-02T14:00:16.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1491 (GCVE-0-2026-1491)
Vulnerability from cvelistv5 – Published: 2026-04-01 20:44 – Updated: 2026-04-08 00:18
Title
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
Summary
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy.
Severity
5.3 (Medium)
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Verify Identity Access Container | Affected: 11.0, ≤ 11.0.2 (semver); CPE: `cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*`, `cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*`, `cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*` |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T13:45:26.430568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T13:56:05.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*"
],
"product": "Verify Identity Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*"
],
"product": "Security Verify Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.1",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*"
],
"product": "Verify Identity Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*"
],
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.1",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy.\u003c/p\u003e"
}
],
"value": "IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T00:18:04.049Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7268253"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cstrong\u003eIBM encourages customers to update their systems promptly.\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAppliance:\u00a0\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eAffected Products and Versions\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eFix availability\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Verify Identity Access 11.0 - 11.0.2\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Verify+Identity+Access\u0026amp;fixids=11.0.2.0-ISS-IVIA-IF0001\u0026amp;source=SAR\" rel=\"nofollow\"\u003eDownload IBM Verify Identity Access v11.0.2 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Security Verify Access 10.0 - 10.0.9.1\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Security+Verify+Access\u0026amp;fixids=10.0.9.1-ISS-ISVA-IF0001\u0026amp;source=SAR\" rel=\"nofollow\"\u003eDownload IBM Security Verify Access v10.0.9.1 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/thead\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eContainer:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://docs.verify.ibm.com/ibm-security-verify-access/docs/containers\" rel=\"nofollow\"\u003eContainer Download\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.Appliance:\u00a0Affected Products and VersionsFix availabilityIBM Verify Identity Access 11.0 - 11.0.2Download IBM Verify Identity Access v11.0.2 IF1IBM Security Verify Access 10.0 - 10.0.9.1Download IBM Security Verify Access v10.0.9.1 IF1Container:Container Download"
}
],
"title": "Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-1491",
"datePublished": "2026-04-01T20:44:24.310Z",
"dateReserved": "2026-01-27T14:29:01.426Z",
"dateUpdated": "2026-04-08T00:18:04.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2862 (GCVE-0-2026-2862)
Vulnerability from cvelistv5 – Published: 2026-04-01 20:41 – Updated: 2026-04-02 14:00
Title
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
Summary
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy.
Severity
5.3 (Medium)
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Verify Identity Access Container | Affected: 11.0, ≤ 11.0.2 (semver); CPE: `cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*`, `cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*`, `cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*` |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T14:00:36.904415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T14:00:43.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*"
],
"product": "Verify Identity Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*"
],
"product": "Security Verify Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.1",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*"
],
"product": "Verify Identity Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*"
],
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.1",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy.\u003c/p\u003e"
}
],
"value": "IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T20:41:04.916Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7268253"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cblockquote\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eAffected Products and Versions\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eFix availability\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Verify Identity Access 11.0 - 11.0.2\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Verify+Identity+Access\u0026amp;fixids=11.0.2.0-ISS-IVIA-IF0001\u0026amp;source=SAR\" rel=\"nofollow\"\u003eDownload IBM Verify Identity Access v11.0.2 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Security Verify Access 10.0 - 10.0.9.1\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Security+Verify+Access\u0026amp;fixids=10.0.9.1-ISS-ISVA-IF0001\u0026amp;source=SAR\" rel=\"nofollow\"\u003eDownload IBM Security Verify Access v10.0.9.1 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/thead\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/blockquote\u003e"
}
],
"value": "Affected Products and Versions\n\nFix availability\n\nIBM Verify Identity Access 11.0 - 11.0.2\n\n Download IBM Verify Identity Access v11.0.2 IF1 https://www.ibm.com/support/fixcentral/quickorder \n\nIBM Security Verify Access 10.0 - 10.0.9.1\n\n Download IBM Security Verify Access v10.0.9.1 IF1 https://www.ibm.com/support/fixcentral/quickorder"
}
],
"title": "Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-2862",
"datePublished": "2026-04-01T20:41:04.916Z",
"dateReserved": "2026-02-20T14:15:32.610Z",
"dateUpdated": "2026-04-02T14:00:43.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1345 (GCVE-0-2026-1345)
Vulnerability from cvelistv5 – Published: 2026-04-01 20:39 – Updated: 2026-04-03 13:01
Title
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
Summary
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lower user privileges on the system due to improper validation of user supplied input.
Severity
7.3 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7268253 | vendor-advisory, patch |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Verify Identity Access Container | Affected: 11.0, ≤ 11.0.2 (semver) cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T03:55:34.211974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T13:01:57.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*"
],
"product": "Verify Identity Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*"
],
"product": "Security Verify Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.1",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*"
],
"product": "Verify Identity Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*"
],
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.1",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lower user privileges on the system due to improper validation of user supplied input.\u003c/p\u003e"
}
],
"value": "IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lower user privileges on the system due to improper validation of user supplied input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T20:39:27.175Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7268253"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cstrong\u003eIBM encourages customers to update their systems promptly.\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAppliance:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eAffected Products and Versions\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eFix availability\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Verify Identity Access 11.0 - 11.0.2\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Verify+Identity+Access\u0026amp;fixids=11.0.2.0-ISS-IVIA-IF0001\u0026amp;source=SAR\" rel=\"nofollow\"\u003eDownload IBM Verify Identity Access v11.0.2 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Security Verify Access 10.0 - 10.0.9.1\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Security+Verify+Access\u0026amp;fixids=10.0.9.1-ISS-ISVA-IF0001\u0026amp;source=SAR\" rel=\"nofollow\"\u003eDownload IBM Security Verify Access v10.0.9.1 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/thead\u003e\u003c/table\u003e\u003c/div\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\n\u00a0\n\nAppliance:\u00a0\n\nAffected Products and Versions\n\nFix availability\n\nIBM Verify Identity Access 11.0 - 11.0.2\n\n Download IBM Verify Identity Access v11.0.2 IF1 https://www.ibm.com/support/fixcentral/quickorder \n\nIBM Security Verify Access 10.0 - 10.0.9.1\n\n Download IBM Security Verify Access v10.0.9.1 IF1 https://www.ibm.com/support/fixcentral/quickorder"
}
],
"title": "Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-1345",
"datePublished": "2026-04-01T20:39:27.175Z",
"dateReserved": "2026-01-22T16:25:31.568Z",
"dateUpdated": "2026-04-03T13:01:57.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}