Search criteria
9 vulnerabilities found for verify_identity_access_docker by ibm
CVE-2025-36354 (GCVE-0-2025-36354)
Vulnerability from nvd – Published: 2025-10-06 16:53 – Updated: 2025-10-06 19:58
VLAI?
Title
IBM Security Verify Access command execution
Summary
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0
could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input.
Severity ?
7.3 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Security Verify Access Appliance |
Affected:
10.0.0.0 , ≤ 10.0.9.0 IF2
(semver)
Affected: 11.0.0.0 , ≤ 11.0.1.0 (semver) cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interm_fix2:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:11.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:11.0.1.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T19:58:30.805460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T19:58:39.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interm_fix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:11.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:11.0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Appliance",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.0 IF2",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.0.1.0",
"status": "affected",
"version": "11.0.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:interm_fix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:11.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:11.0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.0 IF2",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.0.1.0",
"status": "affected",
"version": "11.0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 \n\n\n\ncould allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T16:53:43.179Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7247215"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access command execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36354",
"datePublished": "2025-10-06T16:53:43.179Z",
"dateReserved": "2025-04-15T21:16:54.209Z",
"dateUpdated": "2025-10-06T19:58:39.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36356 (GCVE-0-2025-36356)
Vulnerability from nvd – Published: 2025-10-06 16:50 – Updated: 2025-10-06 20:00
VLAI?
Title
IBM Security Verify Access privilege escalation
Summary
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required.
Severity ?
9.3 (Critical)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Security Verify Access Appliance |
Affected:
10.0.0.0 , ≤ 10.0.9.0 IF2
(semver)
Affected: 11.0.0.0 , ≤ 11.0.1.0 (semver) cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interm_fix2:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:11.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:11.0.1.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T19:59:56.317105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T20:00:08.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interm_fix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:11.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:11.0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Appliance",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.0 IF2",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.0.1.0",
"status": "affected",
"version": "11.0.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:interm_fix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:11.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:11.0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.0 IF2",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.0.1.0",
"status": "affected",
"version": "11.0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required."
}
],
"value": "IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T16:54:00.616Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7247215"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36356",
"datePublished": "2025-10-06T16:50:48.729Z",
"dateReserved": "2025-04-15T21:16:54.209Z",
"dateUpdated": "2025-10-06T20:00:08.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36355 (GCVE-0-2025-36355)
Vulnerability from nvd – Published: 2025-10-06 16:52 – Updated: 2025-10-06 19:59
VLAI?
Title
IBM Security Verify Access code execution
Summary
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0
could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.
Severity ?
8.5 (High)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Security Verify Access Appliance |
Affected:
10.0.0.0 , ≤ 10.0.9.0 IF2
(semver)
Affected: 11.0.0.0 , ≤ 11.0.1.0 (semver) cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interm_fix2:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:11.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:11.0.1.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T19:59:22.629391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T19:59:35.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interm_fix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:11.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:11.0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Appliance",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.0 IF2",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.0.1.0",
"status": "affected",
"version": "11.0.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:interm_fix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:11.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:11.0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.0 IF2",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.0.1.0",
"status": "affected",
"version": "11.0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a locally authenticated user to execute malicious scripts from outside of its control sphere.\u003c/span\u003e"
}
],
"value": "IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 \n\ncould allow a locally authenticated user to execute malicious scripts from outside of its control sphere."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T16:52:30.705Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7247215"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36355",
"datePublished": "2025-10-06T16:52:30.705Z",
"dateReserved": "2025-04-15T21:16:54.209Z",
"dateUpdated": "2025-10-06T19:59:35.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2025-36355
Vulnerability from fkie_nvd - Published: 2025-10-06 17:16 - Updated: 2025-12-15 19:23
Severity ?
Summary
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0
could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7247215 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_verify_access | * | |
| ibm | security_verify_access | 10.0.9.0 | |
| ibm | security_verify_access | 10.0.9.0 | |
| ibm | security_verify_access | 10.0.9.0 | |
| ibm | security_verify_access_docker | * | |
| ibm | security_verify_access_docker | 10.0.9.0 | |
| ibm | security_verify_access_docker | 10.0.9.0 | |
| ibm | security_verify_access_docker | 10.0.9.0 | |
| ibm | verify_identity_access | * | |
| ibm | verify_identity_access | 11.0.1.0 | |
| ibm | verify_identity_access_docker | * | |
| ibm | verify_identity_access_docker | 11.0.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCA4ADF8-014B-4A43-AE12-CC7D46B0F8BF",
"versionEndExcluding": "10.0.9.0",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9916DF0F-8A3E-4CB4-957F-286E168666A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interim_fix1:*:*:*:*:*:*",
"matchCriteriaId": "05FBA01C-DDCD-4B80-B14B-81DAB052CC8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interim_fix2:*:*:*:*:*:*",
"matchCriteriaId": "149CA168-1117-4B50-8F5A-B72D4BCC65F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF4D7D4-0D01-44CA-84A2-2EA59802D1CB",
"versionEndExcluding": "10.0.9.0",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7E76C6CF-1E2A-403E-9C7F-619BE2057468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:interim_fix1:*:*:*:*:*:*",
"matchCriteriaId": "B8BF3374-6B03-4A25-9F4D-F88C091804C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:interim_fix2:*:*:*:*:*:*",
"matchCriteriaId": "C8D09601-F55B-4307-8BEE-218F5CAC2138",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:verify_identity_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16595130-3A46-4DD1-9DAA-53E534306975",
"versionEndExcluding": "11.0.1.0",
"versionStartIncluding": "11.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:verify_identity_access:11.0.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4A7A934C-F8B6-44D1-9591-A3FDB86BEECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:verify_identity_access_docker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81BD4D96-C9E9-422B-B18A-61ECFE711884",
"versionEndExcluding": "11.0.1.0",
"versionStartIncluding": "11.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:verify_identity_access_docker:11.0.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "0C06D5AD-67DD-46FA-BDF7-39A2E0EAAF95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 \n\ncould allow a locally authenticated user to execute malicious scripts from outside of its control sphere."
}
],
"id": "CVE-2025-36355",
"lastModified": "2025-12-15T19:23:15.803",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.3,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-10-06T17:16:05.320",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7247215"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-829"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-36356
Vulnerability from fkie_nvd - Published: 2025-10-06 17:16 - Updated: 2025-12-15 19:20
Severity ?
Summary
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7247215 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_verify_access | * | |
| ibm | security_verify_access | 10.0.9.0 | |
| ibm | security_verify_access | 10.0.9.0 | |
| ibm | security_verify_access | 10.0.9.0 | |
| ibm | security_verify_access_docker | * | |
| ibm | security_verify_access_docker | 10.0.9.0 | |
| ibm | security_verify_access_docker | 10.0.9.0 | |
| ibm | security_verify_access_docker | 10.0.9.0 | |
| ibm | verify_identity_access | * | |
| ibm | verify_identity_access | 11.0.1.0 | |
| ibm | verify_identity_access_docker | * | |
| ibm | verify_identity_access_docker | 11.0.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCA4ADF8-014B-4A43-AE12-CC7D46B0F8BF",
"versionEndExcluding": "10.0.9.0",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9916DF0F-8A3E-4CB4-957F-286E168666A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interim_fix1:*:*:*:*:*:*",
"matchCriteriaId": "05FBA01C-DDCD-4B80-B14B-81DAB052CC8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interim_fix2:*:*:*:*:*:*",
"matchCriteriaId": "149CA168-1117-4B50-8F5A-B72D4BCC65F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF4D7D4-0D01-44CA-84A2-2EA59802D1CB",
"versionEndExcluding": "10.0.9.0",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7E76C6CF-1E2A-403E-9C7F-619BE2057468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:interim_fix1:*:*:*:*:*:*",
"matchCriteriaId": "B8BF3374-6B03-4A25-9F4D-F88C091804C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:interim_fix2:*:*:*:*:*:*",
"matchCriteriaId": "C8D09601-F55B-4307-8BEE-218F5CAC2138",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:verify_identity_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16595130-3A46-4DD1-9DAA-53E534306975",
"versionEndExcluding": "11.0.1.0",
"versionStartIncluding": "11.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:verify_identity_access:11.0.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4A7A934C-F8B6-44D1-9591-A3FDB86BEECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:verify_identity_access_docker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81BD4D96-C9E9-422B-B18A-61ECFE711884",
"versionEndExcluding": "11.0.1.0",
"versionStartIncluding": "11.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:verify_identity_access_docker:11.0.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "0C06D5AD-67DD-46FA-BDF7-39A2E0EAAF95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required."
}
],
"id": "CVE-2025-36356",
"lastModified": "2025-12-15T19:20:17.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-10-06T17:16:05.507",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7247215"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-36354
Vulnerability from fkie_nvd - Published: 2025-10-06 17:16 - Updated: 2025-12-15 19:23
Severity ?
Summary
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0
could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7247215 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_verify_access | * | |
| ibm | security_verify_access | 10.0.9.0 | |
| ibm | security_verify_access | 10.0.9.0 | |
| ibm | security_verify_access | 10.0.9.0 | |
| ibm | security_verify_access_docker | * | |
| ibm | security_verify_access_docker | 10.0.9.0 | |
| ibm | security_verify_access_docker | 10.0.9.0 | |
| ibm | security_verify_access_docker | 10.0.9.0 | |
| ibm | verify_identity_access | * | |
| ibm | verify_identity_access | 11.0.1.0 | |
| ibm | verify_identity_access_docker | * | |
| ibm | verify_identity_access_docker | 11.0.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCA4ADF8-014B-4A43-AE12-CC7D46B0F8BF",
"versionEndExcluding": "10.0.9.0",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9916DF0F-8A3E-4CB4-957F-286E168666A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interim_fix1:*:*:*:*:*:*",
"matchCriteriaId": "05FBA01C-DDCD-4B80-B14B-81DAB052CC8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interim_fix2:*:*:*:*:*:*",
"matchCriteriaId": "149CA168-1117-4B50-8F5A-B72D4BCC65F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF4D7D4-0D01-44CA-84A2-2EA59802D1CB",
"versionEndExcluding": "10.0.9.0",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7E76C6CF-1E2A-403E-9C7F-619BE2057468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:interim_fix1:*:*:*:*:*:*",
"matchCriteriaId": "B8BF3374-6B03-4A25-9F4D-F88C091804C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:interim_fix2:*:*:*:*:*:*",
"matchCriteriaId": "C8D09601-F55B-4307-8BEE-218F5CAC2138",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:verify_identity_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16595130-3A46-4DD1-9DAA-53E534306975",
"versionEndExcluding": "11.0.1.0",
"versionStartIncluding": "11.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:verify_identity_access:11.0.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4A7A934C-F8B6-44D1-9591-A3FDB86BEECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:verify_identity_access_docker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81BD4D96-C9E9-422B-B18A-61ECFE711884",
"versionEndExcluding": "11.0.1.0",
"versionStartIncluding": "11.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:verify_identity_access_docker:11.0.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "0C06D5AD-67DD-46FA-BDF7-39A2E0EAAF95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 \n\n\n\ncould allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input."
}
],
"id": "CVE-2025-36354",
"lastModified": "2025-12-15T19:23:22.267",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-10-06T17:16:05.127",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7247215"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
CVE-2025-36354 (GCVE-0-2025-36354)
Vulnerability from cvelistv5 – Published: 2025-10-06 16:53 – Updated: 2025-10-06 19:58
VLAI?
Title
IBM Security Verify Access command execution
Summary
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0
could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input.
Severity ?
7.3 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Security Verify Access Appliance |
Affected:
10.0.0.0 , ≤ 10.0.9.0 IF2
(semver)
Affected: 11.0.0.0 , ≤ 11.0.1.0 (semver) cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interm_fix2:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:11.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:11.0.1.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T19:58:30.805460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T19:58:39.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interm_fix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:11.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:11.0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Appliance",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.0 IF2",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.0.1.0",
"status": "affected",
"version": "11.0.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:interm_fix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:11.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:11.0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.0 IF2",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.0.1.0",
"status": "affected",
"version": "11.0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 \n\n\n\ncould allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T16:53:43.179Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7247215"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access command execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36354",
"datePublished": "2025-10-06T16:53:43.179Z",
"dateReserved": "2025-04-15T21:16:54.209Z",
"dateUpdated": "2025-10-06T19:58:39.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36355 (GCVE-0-2025-36355)
Vulnerability from cvelistv5 – Published: 2025-10-06 16:52 – Updated: 2025-10-06 19:59
VLAI?
Title
IBM Security Verify Access code execution
Summary
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0
could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.
Severity ?
8.5 (High)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Security Verify Access Appliance |
Affected:
10.0.0.0 , ≤ 10.0.9.0 IF2
(semver)
Affected: 11.0.0.0 , ≤ 11.0.1.0 (semver) cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interm_fix2:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:11.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:11.0.1.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T19:59:22.629391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T19:59:35.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interm_fix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:11.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:11.0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Appliance",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.0 IF2",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.0.1.0",
"status": "affected",
"version": "11.0.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:interm_fix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:11.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:11.0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.0 IF2",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.0.1.0",
"status": "affected",
"version": "11.0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a locally authenticated user to execute malicious scripts from outside of its control sphere.\u003c/span\u003e"
}
],
"value": "IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 \n\ncould allow a locally authenticated user to execute malicious scripts from outside of its control sphere."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T16:52:30.705Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7247215"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36355",
"datePublished": "2025-10-06T16:52:30.705Z",
"dateReserved": "2025-04-15T21:16:54.209Z",
"dateUpdated": "2025-10-06T19:59:35.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36356 (GCVE-0-2025-36356)
Vulnerability from cvelistv5 – Published: 2025-10-06 16:50 – Updated: 2025-10-06 20:00
VLAI?
Title
IBM Security Verify Access privilege escalation
Summary
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required.
Severity ?
9.3 (Critical)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Security Verify Access Appliance |
Affected:
10.0.0.0 , ≤ 10.0.9.0 IF2
(semver)
Affected: 11.0.0.0 , ≤ 11.0.1.0 (semver) cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interm_fix2:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:11.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:11.0.1.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T19:59:56.317105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T20:00:08.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interm_fix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:11.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:11.0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Appliance",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.0 IF2",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.0.1.0",
"status": "affected",
"version": "11.0.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:interm_fix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:11.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:11.0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9.0 IF2",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.0.1.0",
"status": "affected",
"version": "11.0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required."
}
],
"value": "IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T16:54:00.616Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7247215"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36356",
"datePublished": "2025-10-06T16:50:48.729Z",
"dateReserved": "2025-04-15T21:16:54.209Z",
"dateUpdated": "2025-10-06T20:00:08.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}