anonhaven
Ad

CVE-2026-2475

MEDIUM CVSS 3.1: 4.7 EPSS 0.03%
Updated Apr 07, 2026
IBM
Parameter Value
CVSS 4.7 (MEDIUM)
Affected Versions 10.0.0.0 — 11.0.2.0
Type CWE-601 (Open Redirect)
Vendor IBM
Public PoC No

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted request to redirect a victim to arbitrary Web sites.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
None
No data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-601 Open Redirect

Vulnerable Products 4

Configuration From (including) Up to (excluding)
Ibm Security_Verify_Access
cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*
 10.0.0.0 <= 10.0.9.1
Ibm Security_Verify_Access_Container
cpe:2.3:a:ibm:security_verify_access_container:*:*:*:*:*:*:*:*
 10.0.0.0 <= 10.0.9.1
Ibm Verify_Identity_Access
cpe:2.3:a:ibm:verify_identity_access:*:*:*:*:*:*:*:*
 11.0.0.0 <= 11.0.2.0
Ibm Verify_Identity_Access_Container
cpe:2.3:a:ibm:verify_identity_access_container:*:*:*:*:*:*:*:*
 11.0.0.0 <= 11.0.2.0

References 1

https://www.ibm.com/support/pages/node/7268253
psirt@us.ibm.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2025-13044

IBM

6.2

CVE-2026-1243

Microsoft

5.4

CVE-2025-66487

IBM

6.5

CVE-2025-66486

IBM

6.1

CVE-2025-66485

IBM

5.4