CVE-2025-36355

Description

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

Low

Affected products

ibm / security_verify_access10.0.0.0 – 10.0.0.0
ibm / security_verify_access10.0.9.0 – 10.0.9.0
ibm / security_verify_access11.0.0.0 – 11.0.0.0
ibm / security_verify_access11.0.1.0 – 11.0.1.0
ibm / security_verify_access_docker10.0.0.0 – 10.0.0.0
ibm / security_verify_access_docker10.0.9.0 – 10.0.9.0
ibm / security_verify_access_docker11.0.0.0 – 11.0.0.0
ibm / security_verify_access_docker11.0.1.0 – 11.0.1.0

References

MISChttps://www.ibm.com/support/pages/node/7247215