SecuriTricks - CVE-2026-2475

Description

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted request to redirect a victim to arbitrary Web sites.

Product(s) Impacted

Vendor	Product	Versions
Ibm	Verify Identity Access Container Security Verify Access Container Verify Identity Access Security Verify Access	11.0-11.0.2 10.0-10.0.9.1 11.0-11.0.2 10.0-10.0.9.1

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	ibm	verify_identity_access_container	11.0-11.0.2	/	/	/	/	/	/	/
a	ibm	security_verify_access_container	10.0-10.0.9.1	/	/	/	/	/	/	/
a	ibm	verify_identity_access	11.0-11.0.2	/	/	/	/	/	/	/
a	ibm	security_verify_access	10.0-10.0.9.1	/	/	/	/	/	/	/

References

https://www.ibm.com/support/pages/node/7268253

CVSS Score

3.1 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

View Vector String

Timeline

Published: April 1, 2026, 9:16 p.m.
Last Modified: April 1, 2026, 9:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2026-2475