PT-2026-29613 · Ibm · Ibm Security Verify Access+3
Publicado
2026-04-01
·
Atualizado
2026-04-02
·
CVE-2026-4364
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Verify Identity Access Container versions 11.0 through 11.0.2
IBM Security Verify Access Container versions 10.0 through 10.0.9.1
IBM Verify Identity Access versions 11.0 through 11.0.2
IBM Security Verify Access versions 10.0 through 10.0.9.1
Description
The software incorrectly specifies the response Content-Type as text/html when delivering a JSON payload for certificate listings retrieved via a browser session. Browsers may interpret the JSON data as executable script under certain conditions, creating an opportunity for JavaScript injection and potential cross-site scripting (XSS).
Recommendations
Update IBM Verify Identity Access Container to a version later than 11.0.2.
Update IBM Security Verify Access Container to a version later than 10.0.9.1.
Update IBM Verify Identity Access to a version later than 11.0.2.
Update IBM Security Verify Access to a version later than 10.0.9.1.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Security Verify Access
Ibm Security Verify Access Container
Verify Identity Access
Ibm Verify Identity Access Container