PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-7364 IBM CVE debrief

IBM Verify Identity Access and IBM Security Verify Access are vulnerable to an open redirect attack, which could allow a remote attacker to conduct phishing attacks. The vulnerability affects IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1. An open redirect vulnerability allows attackers to redirect victims to arbitrary web sites.

Vendor
IBM
Product
Verify Identity Access
CVSS
LOW 3.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Users of IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 should apply the necessary updates to prevent phishing attacks. Operators, platform administrators, vulnerability management teams, and security teams should review the vulnerability and apply mitigations.

Technical summary

The vulnerability is caused by an open redirect vulnerability in IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1. An attacker could exploit this vulnerability using a specially crafted request to redirect a victim to arbitrary Web sites. This could lead to phishing attacks. The open redirect vulnerability allows attackers to redirect victims to arbitrary web sites, potentially leading to phishing attacks. IBM Verify Identity Access and IBM Security Verify Access are vulnerable to this attack, which could allow a remote attacker to conduct phishing attacks. Users of these products should apply necessary updates to prevent such attacks.

Defensive priority

Low

Recommended defensive actions

  • Apply the necessary updates to IBM Verify Identity Access and IBM Security Verify Access
  • Monitor for suspicious activity
  • Implement additional security measures to prevent phishing attacks
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-17T20:17:29.203Z and has not been modified since then. The NVD entry is currently 3.1. The vulnerability is classified as CWE-601. Evidence is limited to CVE and NVD details. Defenders should verify affected product deployments and review official advisories.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T20:17:29.203Z and has not been modified since then.