PatchSiren cyber security CVE debrief
CVE-2026-7364 IBM CVE debrief
IBM Verify Identity Access and IBM Security Verify Access are vulnerable to an open redirect attack, which could allow a remote attacker to conduct phishing attacks. The vulnerability affects IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1. An open redirect vulnerability allows attackers to redirect victims to arbitrary web sites.
- Vendor
- IBM
- Product
- Verify Identity Access
- CVSS
- LOW 3.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 should apply the necessary updates to prevent phishing attacks. Operators, platform administrators, vulnerability management teams, and security teams should review the vulnerability and apply mitigations.
Technical summary
The vulnerability is caused by an open redirect vulnerability in IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1. An attacker could exploit this vulnerability using a specially crafted request to redirect a victim to arbitrary Web sites. This could lead to phishing attacks. The open redirect vulnerability allows attackers to redirect victims to arbitrary web sites, potentially leading to phishing attacks. IBM Verify Identity Access and IBM Security Verify Access are vulnerable to this attack, which could allow a remote attacker to conduct phishing attacks. Users of these products should apply necessary updates to prevent such attacks.
Defensive priority
Low
Recommended defensive actions
- Apply the necessary updates to IBM Verify Identity Access and IBM Security Verify Access
- Monitor for suspicious activity
- Implement additional security measures to prevent phishing attacks
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-17T20:17:29.203Z and has not been modified since then. The NVD entry is currently 3.1. The vulnerability is classified as CWE-601. Evidence is limited to CVE and NVD details. Defenders should verify affected product deployments and review official advisories.
Official resources
-
CVE-2026-7364 CVE record
CVE.org
-
CVE-2026-7364 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T20:17:29.203Z and has not been modified since then.