CVE-2021-39070: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

IBM Security Verify Access versions 10.0.0.0, 10.0.1.0, and 10.0.2.0 with the advanced access control authentication service enabled contained a critical authentication bypass vulnerability (CVE-2021-39070). The vulnerability was discovered in August 2021 and publicly disclosed on January 31, 2022. The issue affects both IBM Security Verify Access Appliance and Docker container deployments (IBM Advisory).

The vulnerability received a CVSS v3.1 base score of 9.8 CRITICAL with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This indicates the vulnerability is network exploitable, requires low attack complexity, needs no privileges or user interaction, and can result in high impacts to confidentiality, integrity and availability (NVD).

If exploited, this vulnerability allows an unauthenticated attacker to bypass authentication controls and authenticate as any user on the system. This gives the attacker full access to the system with the privileges of the impersonated user (IBM Advisory).

IBM has released fixes for affected versions: For version 10.0.0.0, users should upgrade to 10.0.3-ISS-ISVA-FP0000. For Docker container deployments, users should pull the latest container version. No workarounds are available, making it critical to apply the provided patches (IBM Advisory).