[NEW] [high] IBM Security Verify Access: Multiple vulnerabilities
An attacker can exploit multiple vulnerabilities in IBM Security Verify Access to gain elevated privileges, execute arbitrary code, bypass security measures, manipulate data, disclose sensitive information, and perform other unspecified attacks.
CSIRTS triage
- What
- Multiple vulnerabilities allow an attacker to gain elevated privileges, execute arbitrary code, and manipulate data.
- Who is affected
- Deployments of IBM Security Verify Access are affected.
- Urgency
- Remediation is urgent due to the high severity of the vulnerabilities.
- Action
- Apply patches as they become available.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Security Verify Access
Get an email when a new Security Verify Access advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2253
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2019-199210.46% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2022-488300.20% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 10% of all scored CVEs.
- Low exploitation riskCVE-2022-490240.24% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 14% of all scored CVEs.
- Low exploitation riskCVE-2022-492690.25% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 16% of all scored CVEs.
- Low exploitation riskCVE-2022-493530.21% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 12% of all scored CVEs.
- Low exploitation riskCVE-2022-493570.16% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 5% of all scored CVEs.
- Low exploitation riskCVE-2022-494320.26% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 17% of all scored CVEs.
- Low exploitation riskCVE-2022-494370.25% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 16% of all scored CVEs.
- Low exploitation riskCVE-2022-494430.17% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 7% of all scored CVEs.
- Low exploitation riskCVE-2022-496230.26% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 18% of all scored CVEs.
Referenced CVEs
+12 more CVEs referenced in this advisory.
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow denial of servicecert-bund
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow Denial of Servicecert-bund
- unknownexploitedUSN-8528-1: Linux kernel (Xilinx ZynqMP) vulnerabilitiesubuntu
- unknownMultiple vulnerabilities in IBM products (July 10, 2026)cert-fr-avis
- high[UPDATE] [high] Linux Kernel: Multiple vulnerabilitiescert-bund
- high[UPDATE] [high] Linux Kernel: Multiple vulnerabilitiescert-bund
More from CERT-Bund (BSI) Security Advisories
- medium[NEW] [medium] DENX U-Boot: Multiple vulnerabilities allow execution of arbitrary code and DoS2026-07-10
- medium[NEW] [medium] Samsung Android: Multiple vulnerabilities2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow denial of service2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow unspecified attack2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow denial of service2026-07-10