5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.014 Low
EPSS
Percentile
86.5%
IBM Security Verify Governance - Identity Manager ships with IBM Db2 and IBM WebSphere Application Server traditional. Information about security vulnerabilities affecting these dependencies has been published in security bulletins.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
IBM Security Verify Governance, Identity Manager software component | ISVG 10.0.2 |
IBM Security Verify Governance, Identity Manager virtual appliance component | ISVG 10.0.2 |
IBM Security Verify Governance Identity Manager Container | ISVG 10.0.2 |
IBM encourages customers to update their systems promptly.
Principal Product and Version(s)
|
Affected Supporting Product and Version(s)
|
Affected Supporting Product Security Bulletin
—|—|—
ISVG 10.0.2
|
Db2 v10.5, v11.1, v11.5
|
Security Bulletin: IBM® Db2® may be vulnerable to a denial of service when executing a specially crafted ‘Load’ command. (CVE-2022-43929)
<https://www.ibm.com/support/pages/node/6953763>
ISVG 10.0.2
|
Db2 v10.5, v11.1, v11.5
|
Security Bulletin: IBM® Db2® is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT (CVE-2023-38729)
<https://www.ibm.com/support/pages/node/7145721>
ISVG 10.0.2
|
Db2 v11.5
|
Security Bulletin: IBM® Db2® is vulnerable to denial of service when querying a specific UDF built-in function concurrently (CVE-2023-52296)
<https://www.ibm.com/support/pages/node/7145722>
ISVG 10.0.2
|
Db2 v11.1, v11.5
|
Security Bulletin: IBM® Db2® is affected by a vulnerability in an open source library boost (CVE-2012-2677)
<https://www.ibm.com/support/pages/node/7145724>
ISVG 10.0.2
|
Db2 v11.1
|
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file (CVE-2024-25030)
<https://www.ibm.com/support/pages/node/7145725>
ISVG 10.0.2
|
Db2 v11.1, v11.5
|
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2024-25046)
<https://www.ibm.com/support/pages/node/7145726>
ISVG 10.0.2
|
Db2 10.5, v11.1, v11.5
|
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions (CVE-2024-27254)
<https://www.ibm.com/support/pages/node/7145727>
ISVG 10.0.2
|
Db2 v11.5
|
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar tables (CVE-2024-22360)
<https://www.ibm.com/support/pages/node/7145730>
ISVG 10.0.2
|
IBM WebSphere Application Server v8.5 and v9.0
|
IBM WebSphere Application Server traditional could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. This may result in SSL cipher suites being ignored.
Security bulletin link: <https://www.ibm.com/support/pages/node/7145620>
ISVG 10.0.2
|
IBM WebSphere Application Server v8.5 and v9.0
|
An update to the jose4j OSS included in WebSphere Application Server traditional.
Security bulletin link: <https://www.ibm.com/support/pages/node/7145942>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security verify governance | eq | 10.0.2 |
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.014 Low
EPSS
Percentile
86.5%