Ibm Security Verify Governance
19 CVEs affecting Ibm Security Verify Governance. Latest disclosed: 2025-06-06. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-33839 | High | 7.2 | 2023-10-23 | IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted requ… |
CVE-2022-22466 | Medium | 6.8 | 2023-10-23 | IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication… |
CVE-2024-22330 | Medium | 5.9 | 2025-06-06 | IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise us… |
CVE-2023-35017 | Medium | 5.9 | 2025-01-29 | IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middl… |
CVE-2023-35888 | Medium | 5.9 | 2024-03-20 | IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Trans… |
CVE-2023-33844 | Medium | 5.4 | 2025-04-09 | IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI t… |
CVE-2023-33836 | Medium | 5.3 | 2023-10-16 | IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication… |
CVE-2022-22452 | Medium | 5.3 | 2022-07-14 | IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM… |
CVE-2022-22453 | Medium | 5.1 | 2022-07-14 | IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive informati… |
CVE-2023-33840 | Medium | 4.8 | 2023-10-23 | IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu… |
CVE-2023-33838 | Medium | 4.4 | 2025-01-29 | IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password… |
CVE-2023-33837 | Medium | 4.1 | 2023-10-23 | IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. |
CVE-2022-22470 | Medium | 4.1 | 2023-01-06 | IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232. |
CVE-2022-22450 | Low | 3.8 | 2022-07-14 | IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Fo… |
CVE-2022-22462 | Low | 3.7 | 2023-01-25 | IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an att… |
CVE-2023-35018 | Low | 3.3 | 2023-10-15 | IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382. |
CVE-2022-22460 | Low | 3.0 | 2022-07-14 | IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system… |
CVE-2023-35013 | Low | 2.3 | 2023-10-15 | IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 2… |
CVE-2022-22455 | Low | 2.3 | 2022-08-17 | IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum lev… |