Security Verify Governance
by IBM
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-33838 | Med | 0.29 | 4.4 | 0.00 | Jan 29, 2025 | IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input. | ||
| CVE-2023-33837 | Med | 0.27 | 4.1 | 0.00 | Oct 23, 2023 | IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. | ||
| CVE-2022-22470 | Med | 0.27 | 4.1 | 0.00 | Jan 9, 2023 | IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232. | ||
| CVE-2022-22456 | Med | 0.27 | 4.2 | 0.00 | Dec 22, 2022 | IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a… | ||
| CVE-2022-22450 | Low | 0.25 | 3.8 | 0.01 | Jul 14, 2022 | IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916. | ||
| CVE-2022-22462 | Low | 0.24 | 3.7 | 0.00 | Jan 26, 2023 | IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078. | ||
| CVE-2023-35018 | Low | 0.21 | 3.3 | 0.00 | Oct 16, 2023 | IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382. | ||
| CVE-2023-35013 | Low | 0.15 | 2.3 | 0.00 | Oct 16, 2023 | IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769. |
- risk 0.29cvss 4.4epss 0.00
IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.
- risk 0.27cvss 4.1epss 0.00
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.
- risk 0.27cvss 4.1epss 0.00
IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232.
- risk 0.27cvss 4.2epss 0.00
IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…
- risk 0.25cvss 3.8epss 0.01
IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916.
- risk 0.24cvss 3.7epss 0.00
IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078.
- risk 0.21cvss 3.3epss 0.00
IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382.
- risk 0.15cvss 2.3epss 0.00
IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769.
Page 2 of 2