28 matches found
CVE-2023-35888
CVE-2023-35888 affects IBM Security Verify Governance - Identity Manager/Software component (ISVG 10.0.2). The vulnerability arises from failure to properly enable HTTP Strict Transport Security, allowing a remote attacker to disclose sensitive information via man-in-the-middle techniques. Affect...
CVE-2023-35013
CVE-2023-35013 affects IBM Security Verify Governance Identity Manager virtual appliance component, prior to 10.0.2 FP0000. The issue is an information disclosure risk where a local privileged user could obtain sensitive information from the source code. Remediation provided by IBM: upgrade to 10...
CVE-2022-22449
Summary: CVE-2022-22449 affects IBM Security Verify Governance, Identity Manager 10.01. The issue is information disclosure via detailed browser error messages that could aid an attacker. The IBM bulletin confirms this CVE and lists a fix in the virtual appliance component (10.0.1.0-ISS-ISVG-IMVA...
CVE-2023-33836
CVE-2023-33836 affects IBM Security Verify Governance 10.0. The vulnerability is due to hard-coded credentials (passwords/cryptographic keys) used for inbound authentication, outbound communication, or internal data encryption. Reported impact includes high confidentiality and integrity exposure....
CVE-2023-33837
CVE-2023-33837 affects IBM Security Verify Governance 10.0 and is an information disclosure vulnerability caused by lack of encryption for sensitive data before storage or transmission. The NVD entry cites that plaintext handling enables exposure of sensitive information. IBM’s remediation in the...
CVE-2022-22462
CVE-2022-22462 affects IBM Security Verify Governance, Identity Manager virtual appliance component (10.0.1). The issue stems from the use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. IBM’s IBM Bulletin confirms the vulne...
CVE-2022-22452
IBM Security Verify Identity Manager 10.0 is affected by CVE-2022-22452, due to an inadequate account lockout setting that could allow a remote attacker to brute-force credentials. Affected product/version: IBM Security Verify Identity Manager (virtual appliance component) version 10.0. The NVD e...
CVE-2022-22453
CVE-2022-22453 affects IBM Security Verify Identity Manager 10.0 (virtual appliance component). The root cause is the use of weaker-than-expected cryptographic algorithms, allowing an attacker to decrypt highly sensitive information (confidentiality impact). IBM’s bulletin references a CVSS base ...
CVE-2022-22470
CVE-2022-22470 affects IBM Security Verify Governance 10.0, where credentials are stored in plain clear text and readable by a local user due to insecure storage. The Red Hat/IBM IBM bulletin confirms the issue with a CVSS base score around 4.1 (C:H, I:N, A:N) and local access as the attack vecto...
CVE-2023-35016
CVE-2023-35016 affects IBM Security Verify Governance, Identity Manager 10.0. A remote attacker could traverse directories by sending a crafted URL with dot-dot sequences (/../) to view arbitrary files. IBM’s security bulletin for the Virtual Appliance lists a fix path: upgrade to 10.0.1 with FP0...
CVE-2022-22455
CVE-2022-22455 affects IBM Security Verify Governance Identity Manager 10.0 virtual appliance component. The issue involves performing an operation at a privilege level higher than the minimum required, which can create new weaknesses or amplify existing ones. Remediation available in IBM: upgrad...
CVE-2022-35646
IBM Security Verify Governance, Identity Manager software component (version 10.0.1) is affected by CVE-2022-35646. An authenticated user could modify or cancel another user’s access request via man-in-the-middle techniques. IBM’s security bulletin and Red Hat entry confirm the issue and provide ...
CVE-2022-22450
IBM Security Verify Identity Manager 10.0 is vulnerable to a privilege‑level file upload by bypassing extension security in an HTTP request. Root cause: bypass of extension checking. Impact per sources is low (CVE-2022-22450; CVSS ~3.8, LOW). Affected product/version: IBM Security Verify Identity...
CVE-2024-22330
CVE-2024-22330 affects IBM Security Verify Governance ISVG 10.0.2 where default password policy does not require strong passwords, exposing accounts to compromise. Public metrics indicate a high-impact CVSS 3.1 base score (9.8) with network attack vector and no user interaction. IBM remediation r...
CVE-2022-22458
CVE-2022-22458 affects IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1. The root cause is that user credentials are stored in plaintext, allowing a remote authenticated user to read them. The related IBM bulletin confirms the same CVE and lists a fix path for t...
CVE-2022-22456
CVE-2022-22456 affects IBM Security Verify Governance, Identity Manager (virtual appliance component) version 10.0.1. The vulnerability is a Cross‑Site Scripting (XSS) flaw in the Web UI that allows an attacker to embed arbitrary JavaScript, potentially altering functionality and leading to crede...
CVE-2022-22460
CVE-2022-22460 affects IBM Security Verify Identity Manager 10.0, where sensitive information in the source code repository could be leveraged in subsequent attacks. The IBM bulletin notes remediation for the virtual appliance component, with a fix available in 10.0.1.1 (FP0001 path). Current con...
CVE-2022-22461
CVE-2022-22461 affects IBM Security Verify Governance, Identity Manager virtual appliance component version 10.0.1 . The vulnerability arises from use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information (impact on confidentiality...
CVE-2022-22466
CVE-2022-22466 affects IBM Security Verify Governance 10.0. The vulnerability is described as hard-coded credentials (passwords/cryptographic keys) used for inbound authentication, outbound communication to external components, or encryption of internal data. The impact is listed as information d...
CVE-2022-22457
IBM Security Verify Governance, Identity Manager (virtual appliance component) version 10.0.1 contains a vulnerability where sensitive information, including user credentials, is stored in plaintext and readable by a local privileged user. This is documented as CVE-2022-22457. The IBM bulletin li...
CVE-2023-33839
CVE-2023-33839 affects IBM Security Verify Governance 10.0. An authenticated remote attacker could execute arbitrary commands on the system by sending a specially crafted request. Multiple connected sources (Red Hat, CNVD, PT-Security, CVE listings) corroborate command-injection-like behavior tie...
CVE-2023-35017
IBM Security Verify Governance Identity Manager (ISVG) 10.0.2 is affected by CVE-2023-35017, where user credentials can be transmitted in clear text over the network, potentially exposed to attackers via man-in-the-middle. The issue is addressed in IBM’s remediation with fix packs: 10.0.2.0-ISS-I...
CVE-2023-35018
IBM Security Verify Governance (Identity Manager virtual appliance) is affected by CVE-2023-35018, where a privileged user could upload arbitrary files due to improper file validation. The issue affects version pre-10.0.2 FP0 in the Identity Manager virtual appliance component. IBM’s bulletin als...
CVE-2023-33838
CVE-2023-33838 affects IBM Security Verify Governance 10.0.2 Identity Manager. The issue is that the product uses a one-way cryptographic hash on inputs that should not be reversible (e.g., passwords) without applying a salt, increasing exposure of hashed values. The connected IBM bulletin confir...
CVE-2023-33840
CVE-2023-33840 affects IBM Security Verify Governance 10.0. The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Public sources in the connected documents ...
CVE-2023-35019
IBM Security Verify Governance, Identity Manager (virtual appliance component) 10.0 is affected by CVE-2023-35019. An authenticated remote attacker could execute arbitrary commands on the system by sending a specially crafted request. The IBM Security bulletin lists a CVSS base score of 7.2 (vect...
CVE-2023-33844
Incident summary: CVE-2023-33844 affects IBM Security Verify Governance 10.0.2 with a cross-site scripting (XSS) flaw in the Web UI. The root cause involves insufficient filtering/escaping of user-supplied data, enabling arbitrary JavaScript execution that can lead to credentials disclosure withi...
CVE-2025-36003
CVE-2025-36003 affects IBM Security Verify Governance with Identity Manager 10.0.2. The vulnerability arises from returning detailed technical error messages, enabling a remote attacker to obtain sensitive information about the system (information disclosure). Affected components include the Iden...