This security bulletin contains one low risk vulnerability.
Exploit availability: No

Description
The vulnerability allows a remote authenticated attacker to perform an XXE attack and bypass security restrictions.
The vulnerability exists in SAML-based single sign-on (SSO) systems due to improper handling of XML External Entity (XXE) entries when parsing an XML file. A remote attacker can trick SAML systems into authenticating as a different user without knowledge of the victim user's password and bypass security restrictions to perform further attacks.
Install update from vendor's website.

Vulnerable software versions
IBM Security Verify Access: 9.0.0 - 9.0.4
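
As an added illustration of the XXE handling issue described above (not code from the vendor or from this bulletin): a SAML consumer can refuse any message that declares a DTD or entities before it reads identity data from it. The function name, the sample messages and the choice of Python's expat bindings are assumptions for this example; it does not replace signature validation or the vendor update.

```python
from xml.parsers import expat

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NAME_ID = f"{SAML_ASSERTION_NS} NameID"  # expat reports names as "<namespace> <local>"


class DTDForbidden(ValueError):
    """Raised when a SAML message carries a DOCTYPE or entity declaration."""


def extract_name_id(xml_bytes: bytes) -> str:
    """Return the NameID text, refusing any document that declares a DTD."""
    parser = expat.ParserCreate(namespace_separator=" ")
    parser.buffer_text = True
    state = {"in_name_id": False, "chunks": []}

    def forbid(*_args):
        # SAML messages never need a DTD, so reject instead of resolving anything.
        raise DTDForbidden("DOCTYPE/entity declarations are not allowed in SAML")

    def start(name, _attrs):
        if name == NAME_ID:
            state["in_name_id"] = True

    def end(name):
        if name == NAME_ID:
            state["in_name_id"] = False

    def chars(data):
        if state["in_name_id"]:
            state["chunks"].append(data)

    parser.StartDoctypeDeclHandler = forbid
    parser.EntityDeclHandler = forbid
    parser.ExternalEntityRefHandler = forbid
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.Parse(xml_bytes, True)
    return "".join(state["chunks"])


# Constructed sample messages (not taken from any real identity provider).
BENIGN = (b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
          b'xmlns:saml="' + SAML_ASSERTION_NS.encode() + b'"><saml:Assertion>'
          b'<saml:Subject><saml:NameID>alice@example.test</saml:NameID>'
          b'</saml:Subject></saml:Assertion></samlp:Response>')
WITH_DTD = (b'<!DOCTYPE r [<!ENTITY x SYSTEM "file:///constructed/placeholder">]>'
            + BENIGN.replace(b"alice@example.test", b"&x;"))
```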