Skip to main content

Security Verify Governance CVE-2023-35013

MEDIUM
Inclusion of Sensitive Information in Source Code (CWE-540)
2023-10-16 psirt@us.ibm.com
4.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 16, 2023 - 00:15 nvd
MEDIUM 4.4

DescriptionNVD

IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769.

AnalysisAI

IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-540. IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769. Affected products include: Ibm Security Verify Governance.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-33836 CRITICAL
9.8 Oct 16

IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it u

CVE-2022-22455 CRITICAL
9.8 Aug 17

IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege le

CVE-2023-33839 HIGH
8.8 Oct 23

IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the sys

CVE-2023-35019 HIGH
8.8 Jul 31

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary c

CVE-2023-33837 HIGH
7.5 Oct 23

IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. R

CVE-2022-22461 HIGH
7.5 Dec 22

IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could al

CVE-2022-22460 HIGH
7.5 Jul 14

IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be use

CVE-2022-22453 HIGH
7.5 Jul 14

IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacke

CVE-2022-22452 HIGH
7.5 Jul 14

IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker

CVE-2023-35018 HIGH
7.2 Oct 16

IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validati

CVE-2023-35016 MEDIUM
6.5 Jul 31

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the syste

CVE-2022-22458 MEDIUM
6.5 Dec 22

IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by

Share

CVE-2023-35013 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy