CVE-2026-1346

IBM · Verify Identity / Security Verify Access

IBM Verify Identity and Security Verify Access products contain a privilege escalation vulnerability allowing locally authenticated users to gain root access.

Executive summary

A privilege escalation vulnerability in IBM Verify Identity and Security Verify Access allows an authenticated local user to gain root-level privileges.

Vulnerability

The vulnerability occurs because the affected containers or services execute with unnecessary privileges. A locally authenticated user can leverage these excessive permissions to escalate to root, bypassing standard security controls.

Business impact

With a CVSS score of 9.3, this is a critical escalation risk. An attacker who has already gained low-level access to the system can escalate to root and take full control of the identity management infrastructure, which could lead to mass credential theft and identity compromise.

Remediation

Immediate Action: Apply the latest patches and updates provided by IBM for the affected containers or software versions.

Proactive Monitoring: Audit local user activity and monitor for suspicious escalation attempts or unauthorized root-level commands.

Compensating Controls: Apply strict access control policies on the host systems and ensure that only trusted users have shell access to environments where these containers are running.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Organizations using IBM identity management solutions must prioritize these updates. The ability to escalate to root makes this a significant target for attackers who have gained initial access to a network; immediate patching is required to secure the identity plane.