IBM Issues Urgent Patches for IAM Software's Severe Security Flaws
IBM has issued urgent security patches for its Identity and Access Management (IAM) software. The updates address critical vulnerabilities that could allow attackers to execute malicious scripts, escalate privileges, and run arbitrary commands.
The affected products, IBM Security Verify Access and IBM Verify Identity Access, have been found to have severe security flaws. Locally logged-in users can execute scripts from outside their control area (CVE-2025-36355, CVSS 8.5, high risk) and even escalate their privileges to 'root' (CVE-2025-36356, CVSS 9.3, critical risk).
Unauthenticated users can also exploit insufficient data validation to run commands with lower user privileges (CVE-2025-36354, CVSS 7.3, high risk). Both appliances and Docker containers of the security solution are vulnerable, and IT administrators are advised to apply the updates promptly. The fixed versions are IBM Security Verify Access 10.0.9.0-IF3 and IBM Verify Identity Access 11.0.1.0-IF1.
IBM has addressed these critical vulnerabilities in the latest versions of its IAM software. Affected versions range from 10.0.0.0 to 10.0.9.0-IF2 for IBM Security Verify Access and from 11.0.0.0 to 11.0.1.0 for IBM Verify Identity Access. IT administrators are urged to update their systems to ensure the security of their networks and data.
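For administrators checking an inventory against the version ranges above, here is an added Python example (not IBM tooling and not part of the original article) that classifies each deployment as affected or fixed. The hostnames and deployed versions are constructed, and ordering an interim fix (`-IFn`) as a fifth version component is an assumption.

```python
import re

# Affected range and first fixed version per product, as stated in the article.
ADVISORY = {
    "IBM Security Verify Access": ("10.0.0.0", "10.0.9.0-IF2", "10.0.9.0-IF3"),
    "IBM Verify Identity Access": ("11.0.0.0", "11.0.1.0", "11.0.1.0-IF1"),
}
# Assumption: versions look like a.b.c.d with an optional -IFn interim-fix suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-IF(\d+))?$", re.IGNORECASE)

def parse_version(text):
    """Turn '10.0.9.0-IF2' into (10, 0, 9, 0, 2); no interim fix counts as IF0."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())

def classify(product, version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one deployment."""
    if product not in ADVISORY:
        return "not-listed"
    first, last_affected, fixed = (parse_version(v) for v in ADVISORY[product])
    try:
        current = parse_version(version)
    except ValueError:
        return "unparsed"  # flag for manual review instead of passing silently
    if first <= current <= last_affected:
        return "affected"
    if current >= fixed:
        return "fixed"
    return "not-listed"  # older than the ranges the article gives

def triage(inventory):
    """Map each host in (host, product, version) rows to its status."""
    return {host: classify(product, version) for host, product, version in inventory}

# Constructed sample inventory; appliances and containers are both in scope.
SAMPLE_INVENTORY = [
    ("isva-appliance-01", "IBM Security Verify Access", "10.0.9.0-IF2"),
    ("isva-docker-02", "IBM Security Verify Access", "10.0.9.0-IF3"),
    ("isva-appliance-03", "IBM Security Verify Access", "10.0.6.1"),
    ("ivia-docker-01", "IBM Verify Identity Access", "11.0.1.0"),
    ("ivia-docker-02", "IBM Verify Identity Access", "11.0.1.0-IF1"),
    ("ivia-docker-03", "IBM Verify Identity Access", "11.0.1"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:20} {status}")
```

Hosts reported as `unparsed` or `not-listed` need a manual check against IBM's bulletin, since the article gives no status for versions outside the listed ranges.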