Skip to main content

Security Verify Governance

24 CVEs product

Monthly

CVE-2025-36003 HIGH This Month

IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Verify Governance
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-22330 MEDIUM This Month

CVE-2024-22330 is a security vulnerability (CVSS 5.9). Remediation should follow standard vulnerability management procedures.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2023-33844 MEDIUM This Month

IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Security Verify Governance
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-33838 MEDIUM This Month

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Verify Governance
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2023-35017 MEDIUM This Month

IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Verify Governance
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2023-33840 MEDIUM PATCH This Month

IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Verify Governance
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-33839 HIGH PATCH This Week

IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection IBM Security Verify Governance
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-33837 HIGH PATCH This Week

IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33836 CRITICAL PATCH Act Now

IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass IBM Security Verify Governance
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-35018 HIGH PATCH This Week

IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM Security Verify Governance
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-35013 MEDIUM PATCH This Month

IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-35019 HIGH This Week

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Security Verify Governance
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-35016 MEDIUM This Month

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Security Verify Governance
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-22449 MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-22458 MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-22457 MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-22456 MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Security Verify Governance
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-35646 MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Security Verify Governance
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-22461 HIGH PATCH This Week

IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-22455 CRITICAL PATCH Act Now

IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-22460 HIGH PATCH This Week

IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Verify Governance
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22453 HIGH PATCH This Week

IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Verify Governance
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-22452 HIGH PATCH This Week

IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Verify Governance
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-22450 LOW PATCH Monitor

IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload Security Verify Governance
NVD
CVSS 3.1
3.8
EPSS
0.6%
EPSS 0% CVSS 7.5
HIGH This Month

IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Verify Governance
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

CVE-2024-22330 is a security vulnerability (CVSS 5.9). Remediation should follow standard vulnerability management procedures.

Information Disclosure IBM Security Verify Governance
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Security Verify Governance
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Verify Governance
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Verify Governance
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Verify Governance
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection IBM Security Verify Governance
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass IBM Security Verify Governance
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM Security Verify Governance
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Security Verify Governance
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Security Verify Governance
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Security Verify Governance
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Security Verify Governance
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Verify Governance
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Verify Governance
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Verify Governance
NVD
EPSS 1% CVSS 3.8
LOW PATCH Monitor

IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload Security Verify Governance
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy