Ibm

Security Verify Governance

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-36003

  • EPSS 0.05%
  • Veröffentlicht 28.08.2025 02:07:51
  • Zuletzt bearbeitet 16.09.2025 16:41:58

IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.

9.8

CVE-2024-22330

  • EPSS 0.06%
  • Veröffentlicht 06.06.2025 01:08:52
  • Zuletzt bearbeitet 14.07.2025 18:28:57

IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

5.4

CVE-2023-33844

  • EPSS 0.02%
  • Veröffentlicht 09.04.2025 14:15:27
  • Zuletzt bearbeitet 16.07.2025 15:38:22

IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi...

4.9

CVE-2023-33838

  • EPSS 0.01%
  • Veröffentlicht 29.01.2025 02:15:26
  • Zuletzt bearbeitet 04.03.2025 21:58:37

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.

5.9

CVE-2023-35017

  • EPSS 0.01%
  • Veröffentlicht 29.01.2025 00:15:07
  • Zuletzt bearbeitet 04.03.2025 21:58:37

IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques.

5.9

CVE-2023-35888

  • EPSS 0.02%
  • Veröffentlicht 20.03.2024 14:15:08
  • Zuletzt bearbeitet 27.01.2025 15:18:19

IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information...

4.8

CVE-2023-33840

  • EPSS 0.06%
  • Veröffentlicht 23.10.2023 20:15:09
  • Zuletzt bearbeitet 21.11.2024 08:06:03

IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within ...

8.8

CVE-2023-33839

  • EPSS 0.15%
  • Veröffentlicht 23.10.2023 20:15:08
  • Zuletzt bearbeitet 21.11.2024 08:06:03

IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036.

7.5

CVE-2023-33837

  • EPSS 0.02%
  • Veröffentlicht 23.10.2023 20:15:08
  • Zuletzt bearbeitet 21.11.2024 08:06:03

IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.

9.8

CVE-2022-22466

  • EPSS 0.08%
  • Veröffentlicht 23.10.2023 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:51

IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Forc...