IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
History

Wed, 15 Oct 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 13 Oct 2025 00:45:00 +0000

Type Values Removed Values Added
Description IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Title IBM Security Verify Access hard coded credentials
First Time appeared Ibm
Ibm security Verify Access
Ibm security Verify Access Docker
Weaknesses CWE-798
CPEs cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access:10.0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access:11.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_docker:11.0.0.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm security Verify Access
Ibm security Verify Access Docker
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2025-10-13T00:38:14.262Z

Updated: 2025-10-15T13:46:30.081Z

Reserved: 2025-04-15T21:16:13.891Z

Link: CVE-2025-36087

cve-icon Vulnrichment

Updated: 2025-10-15T13:46:25.251Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-10-13T01:15:48.583

Modified: 2025-10-14T19:36:59.730

Link: CVE-2025-36087

cve-icon Redhat

No data.