Lucene search
K
IbmSecurity Verify Governance

28 matches found

CVE
CVE
added 2024/03/20 1:25 p.m.89 views

CVE-2023-35888

CVE-2023-35888 affects IBM Security Verify Governance - Identity Manager/Software component (ISVG 10.0.2). The vulnerability arises from failure to properly enable HTTP Strict Transport Security, allowing a remote attacker to disclose sensitive information via man-in-the-middle techniques. Affect...

5.9CVSS5.4AI score0.00315EPSS
CVE
CVE
added 2023/10/15 11:43 p.m.88 views

CVE-2023-35013

CVE-2023-35013 affects IBM Security Verify Governance Identity Manager virtual appliance component, prior to 10.0.2 FP0000. The issue is an information disclosure risk where a local privileged user could obtain sensitive information from the source code. Remediation provided by IBM: upgrade to 10...

4.4CVSS3.3AI score0.00174EPSS
CVE
CVE
added 2022/12/22 9:26 p.m.77 views

CVE-2022-22449

Summary: CVE-2022-22449 affects IBM Security Verify Governance, Identity Manager 10.01. The issue is information disclosure via detailed browser error messages that could aid an attacker. The IBM bulletin confirms this CVE and lists a fix in the virtual appliance component (10.0.1.0-ISS-ISVG-IMVA...

5.3CVSS4.8AI score0.007EPSS
CVE
CVE
added 2023/10/16 12:26 a.m.76 views

CVE-2023-33836

CVE-2023-33836 affects IBM Security Verify Governance 10.0. The vulnerability is due to hard-coded credentials (passwords/cryptographic keys) used for inbound authentication, outbound communication, or internal data encryption. Reported impact includes high confidentiality and integrity exposure....

9.8CVSS6.3AI score0.00442EPSS
CVE
CVE
added 2023/10/23 7:47 p.m.76 views

CVE-2023-33837

CVE-2023-33837 affects IBM Security Verify Governance 10.0 and is an information disclosure vulnerability caused by lack of encryption for sensitive data before storage or transmission. The NVD entry cites that plaintext handling enables exposure of sensitive information. IBM’s remediation in the...

7.5CVSS5.5AI score0.00264EPSS
CVE
CVE
added 2023/01/25 6:59 p.m.74 views

CVE-2022-22462

CVE-2022-22462 affects IBM Security Verify Governance, Identity Manager virtual appliance component (10.0.1). The issue stems from the use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. IBM’s IBM Bulletin confirms the vulne...

7.5CVSS5.4AI score0.00478EPSS
CVE
CVE
added 2022/07/14 5:40 p.m.73 views

CVE-2022-22452

IBM Security Verify Identity Manager 10.0 is affected by CVE-2022-22452, due to an inadequate account lockout setting that could allow a remote attacker to brute-force credentials. Affected product/version: IBM Security Verify Identity Manager (virtual appliance component) version 10.0. The NVD e...

7.5CVSS7.2AI score0.0083EPSS
CVE
CVE
added 2022/07/14 5:40 p.m.73 views

CVE-2022-22453

CVE-2022-22453 affects IBM Security Verify Identity Manager 10.0 (virtual appliance component). The root cause is the use of weaker-than-expected cryptographic algorithms, allowing an attacker to decrypt highly sensitive information (confidentiality impact). IBM’s bulletin references a CVSS base ...

7.5CVSS7.1AI score0.00331EPSS
CVE
CVE
added 2023/01/06 4:39 p.m.72 views

CVE-2022-22470

CVE-2022-22470 affects IBM Security Verify Governance 10.0, where credentials are stored in plain clear text and readable by a local user due to insecure storage. The Red Hat/IBM IBM bulletin confirms the issue with a CVSS base score around 4.1 (C:H, I:N, A:N) and local access as the attack vecto...

5.5CVSS4.5AI score0.00121EPSS
CVE
CVE
added 2023/07/31 12:29 a.m.71 views

CVE-2023-35016

CVE-2023-35016 affects IBM Security Verify Governance, Identity Manager 10.0. A remote attacker could traverse directories by sending a crafted URL with dot-dot sequences (/../) to view arbitrary files. IBM’s security bulletin for the Virtual Appliance lists a fix path: upgrade to 10.0.1 with FP0...

6.5CVSS6.3AI score0.00946EPSS
CVE
CVE
added 2022/08/17 4:10 p.m.70 views

CVE-2022-22455

CVE-2022-22455 affects IBM Security Verify Governance Identity Manager 10.0 virtual appliance component. The issue involves performing an operation at a privilege level higher than the minimum required, which can create new weaknesses or amplify existing ones. Remediation available in IBM: upgrad...

9.8CVSS8.9AI score0.00438EPSS
CVE
CVE
added 2022/12/22 7:8 p.m.69 views

CVE-2022-35646

IBM Security Verify Governance, Identity Manager software component (version 10.0.1) is affected by CVE-2022-35646. An authenticated user could modify or cancel another user’s access request via man-in-the-middle techniques. IBM’s security bulletin and Red Hat entry confirm the issue and provide ...

5.9CVSS5AI score0.00366EPSS
CVE
CVE
added 2022/07/14 5:40 p.m.68 views

CVE-2022-22450

IBM Security Verify Identity Manager 10.0 is vulnerable to a privilege‑level file upload by bypassing extension security in an HTTP request. Root cause: bypass of extension checking. Impact per sources is low (CVE-2022-22450; CVSS ~3.8, LOW). Affected product/version: IBM Security Verify Identity...

3.8CVSS4.1AI score0.00498EPSS
CVE
CVE
added 2025/06/06 1:8 a.m.68 views

CVE-2024-22330

CVE-2024-22330 affects IBM Security Verify Governance ISVG 10.0.2 where default password policy does not require strong passwords, exposing accounts to compromise. Public metrics indicate a high-impact CVSS 3.1 base score (9.8) with network attack vector and no user interaction. IBM remediation r...

9.8CVSS5.6AI score0.00278EPSS
CVE
CVE
added 2022/12/22 9:14 p.m.67 views

CVE-2022-22458

CVE-2022-22458 affects IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1. The root cause is that user credentials are stored in plaintext, allowing a remote authenticated user to read them. The related IBM bulletin confirms the same CVE and lists a fix path for t...

6.5CVSS5.8AI score0.00765EPSS
CVE
CVE
added 2022/12/22 9:8 p.m.66 views

CVE-2022-22456

CVE-2022-22456 affects IBM Security Verify Governance, Identity Manager (virtual appliance component) version 10.0.1. The vulnerability is a Cross‑Site Scripting (XSS) flaw in the Web UI that allows an attacker to embed arbitrary JavaScript, potentially altering functionality and leading to crede...

6.1CVSS4.8AI score0.00301EPSS
CVE
CVE
added 2022/07/14 5:40 p.m.66 views

CVE-2022-22460

CVE-2022-22460 affects IBM Security Verify Identity Manager 10.0, where sensitive information in the source code repository could be leveraged in subsequent attacks. The IBM bulletin notes remediation for the virtual appliance component, with a fix available in 10.0.1.1 (FP0001 path). Current con...

7.5CVSS7AI score0.00623EPSS
CVE
CVE
added 2022/12/22 7:39 p.m.66 views

CVE-2022-22461

CVE-2022-22461 affects IBM Security Verify Governance, Identity Manager virtual appliance component version 10.0.1 . The vulnerability arises from use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information (impact on confidentiality...

7.5CVSS6.2AI score0.00404EPSS
CVE
CVE
added 2023/10/23 7:42 p.m.66 views

CVE-2022-22466

CVE-2022-22466 affects IBM Security Verify Governance 10.0. The vulnerability is described as hard-coded credentials (passwords/cryptographic keys) used for inbound authentication, outbound communication to external components, or encryption of internal data. The impact is listed as information d...

9.8CVSS7.9AI score0.00594EPSS
CVE
CVE
added 2022/12/22 9:20 p.m.63 views

CVE-2022-22457

IBM Security Verify Governance, Identity Manager (virtual appliance component) version 10.0.1 contains a vulnerability where sensitive information, including user credentials, is stored in plaintext and readable by a local privileged user. This is documented as CVE-2022-22457. The IBM bulletin li...

5.3CVSS4.2AI score0.00126EPSS
CVE
CVE
added 2023/10/23 7:45 p.m.62 views

CVE-2023-33839

CVE-2023-33839 affects IBM Security Verify Governance 10.0. An authenticated remote attacker could execute arbitrary commands on the system by sending a specially crafted request. Multiple connected sources (Red Hat, CNVD, PT-Security, CVE listings) corroborate command-injection-like behavior tie...

8.8CVSS7.9AI score0.01105EPSS
CVE
CVE
added 2025/01/29 12:0 a.m.62 views

CVE-2023-35017

IBM Security Verify Governance Identity Manager (ISVG) 10.0.2 is affected by CVE-2023-35017, where user credentials can be transmitted in clear text over the network, potentially exposed to attackers via man-in-the-middle. The issue is addressed in IBM’s remediation with fix packs: 10.0.2.0-ISS-I...

5.9CVSS5.6AI score0.0023EPSS
CVE
CVE
added 2023/10/15 11:46 p.m.62 views

CVE-2023-35018

IBM Security Verify Governance (Identity Manager virtual appliance) is affected by CVE-2023-35018, where a privileged user could upload arbitrary files due to improper file validation. The issue affects version pre-10.0.2 FP0 in the Identity Manager virtual appliance component. IBM’s bulletin als...

7.2CVSS4.8AI score0.00367EPSS
CVE
CVE
added 2025/01/29 1:22 a.m.60 views

CVE-2023-33838

CVE-2023-33838 affects IBM Security Verify Governance 10.0.2 Identity Manager. The issue is that the product uses a one-way cryptographic hash on inputs that should not be reversible (e.g., passwords) without applying a salt, increasing exposure of hashed values. The connected IBM bulletin confir...

4.9CVSS4.7AI score0.00231EPSS
CVE
CVE
added 2023/10/23 7:36 p.m.57 views

CVE-2023-33840

CVE-2023-33840 affects IBM Security Verify Governance 10.0. The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Public sources in the connected documents ...

4.8CVSS4.8AI score0.00316EPSS
CVE
CVE
added 2023/07/31 12:27 a.m.57 views

CVE-2023-35019

IBM Security Verify Governance, Identity Manager (virtual appliance component) 10.0 is affected by CVE-2023-35019. An authenticated remote attacker could execute arbitrary commands on the system by sending a specially crafted request. The IBM Security bulletin lists a CVSS base score of 7.2 (vect...

8.8CVSS7.5AI score0.01EPSS
CVE
CVE
added 2025/04/09 2:3 p.m.51 views

CVE-2023-33844

Incident summary: CVE-2023-33844 affects IBM Security Verify Governance 10.0.2 with a cross-site scripting (XSS) flaw in the Web UI. The root cause involves insufficient filtering/escaping of user-supplied data, enabling arbitrary JavaScript execution that can lead to credentials disclosure withi...

5.4CVSS5.3AI score0.00198EPSS
CVE
CVE
added 2025/08/28 2:7 a.m.23 views

CVE-2025-36003

CVE-2025-36003 affects IBM Security Verify Governance with Identity Manager 10.0.2. The vulnerability arises from returning detailed technical error messages, enabling a remote attacker to obtain sensitive information about the system (information disclosure). Affected components include the Iden...

7.5CVSS5.8AI score0.00314EPSS