Security Verify Governance
by IBM
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-36003 | 0.00 | — | 0.00 | Aug 28, 2025 | IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system. | |||
| CVE-2024-22330 | 0.00 | — | 0.00 | Jun 6, 2025 | IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||
| CVE-2023-33844 | 0.00 | — | 0.00 | Apr 9, 2025 | IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||
| CVE-2023-33838 | 0.00 | — | 0.00 | Jan 29, 2025 | IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input. | |||
| CVE-2023-35017 | 0.00 | — | 0.00 | Jan 29, 2025 | IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques. | |||
| CVE-2023-35888 | 0.00 | — | 0.00 | Mar 20, 2024 | IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375. | |||
| CVE-2023-33837 | 0.00 | — | 0.00 | Oct 23, 2023 | IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. | |||
| CVE-2023-33839 | 0.00 | — | 0.00 | Oct 23, 2023 | IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036. | |||
| CVE-2022-22466 | 0.00 | — | 0.00 | Oct 23, 2023 | IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222. | |||
| CVE-2023-33840 | 0.00 | — | 0.00 | Oct 23, 2023 | IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037. | |||
| CVE-2023-33836 | 0.00 | — | 0.00 | Oct 16, 2023 | IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016. | |||
| CVE-2023-35018 | 0.00 | — | 0.00 | Oct 15, 2023 | IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382. | |||
| CVE-2023-35013 | 0.00 | — | 0.00 | Oct 15, 2023 | IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769. | |||
| CVE-2023-35016 | 0.00 | — | 0.00 | Jul 31, 2023 | IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772. | |||
| CVE-2023-35019 | 0.00 | — | 0.00 | Jul 31, 2023 | IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873. | |||
| CVE-2022-22462 | 0.00 | — | 0.00 | Jan 25, 2023 | IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078. | |||
| CVE-2022-22470 | 0.00 | — | 0.00 | Jan 6, 2023 | IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232. | |||
| CVE-2022-22449 | 0.00 | — | 0.00 | Dec 22, 2022 | IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 224915. | |||
| CVE-2022-22457 | 0.00 | — | 0.00 | Dec 22, 2022 | IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 225007. | |||
| CVE-2022-22458 | 0.00 | — | 0.00 | Dec 22, 2022 | IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009. |
- CVE-2025-36003Aug 28, 2025risk 0.00cvss —epss 0.00
IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.
- CVE-2024-22330Jun 6, 2025risk 0.00cvss —epss 0.00
IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
- CVE-2023-33844Apr 9, 2025risk 0.00cvss —epss 0.00
IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
- CVE-2023-33838Jan 29, 2025risk 0.00cvss —epss 0.00
IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.
- CVE-2023-35017Jan 29, 2025risk 0.00cvss —epss 0.00
IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques.
- CVE-2023-35888Mar 20, 2024risk 0.00cvss —epss 0.00
IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375.
- CVE-2023-33837Oct 23, 2023risk 0.00cvss —epss 0.00
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.
- CVE-2023-33839Oct 23, 2023risk 0.00cvss —epss 0.00
IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036.
- CVE-2022-22466Oct 23, 2023risk 0.00cvss —epss 0.00
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222.
- CVE-2023-33840Oct 23, 2023risk 0.00cvss —epss 0.00
IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037.
- CVE-2023-33836Oct 16, 2023risk 0.00cvss —epss 0.00
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016.
- CVE-2023-35018Oct 15, 2023risk 0.00cvss —epss 0.00
IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382.
- CVE-2023-35013Oct 15, 2023risk 0.00cvss —epss 0.00
IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769.
- CVE-2023-35016Jul 31, 2023risk 0.00cvss —epss 0.00
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772.
- CVE-2023-35019Jul 31, 2023risk 0.00cvss —epss 0.00
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873.
- CVE-2022-22462Jan 25, 2023risk 0.00cvss —epss 0.00
IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078.
- CVE-2022-22470Jan 6, 2023risk 0.00cvss —epss 0.00
IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232.
- CVE-2022-22449Dec 22, 2022risk 0.00cvss —epss 0.00
IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 224915.
- CVE-2022-22457Dec 22, 2022risk 0.00cvss —epss 0.00
IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 225007.
- CVE-2022-22458Dec 22, 2022risk 0.00cvss —epss 0.00
IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009.
Page 1 of 2