Vulnerabilities > CVE-2023-33838 - Use of a One-Way Hash without a Salt vulnerability in IBM Security Verify Governance 10.0.2

047910
CVSS 4.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
ibm
CWE-759

Summary

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.

Vulnerable Configurations

Part Description Count
Application
Ibm
1

Common Weakness Enumeration (CWE)