Vulnerabilities > IBM > Security Verify Governance
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-20 | CVE-2023-35888 | Unspecified vulnerability in IBM Security Verify Governance 10.0.2. IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
2023-10-23 | CVE-2022-22466 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Governance 10.0/10.0.1. IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
2023-10-23 | CVE-2023-33837 | Unspecified vulnerability in IBM Security Verify Governance 10.0. IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. | 7.5 |
2023-10-23 | CVE-2023-33839 | OS Command Injection vulnerability in IBM Security Verify Governance 10.0/10.0.1. IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
2023-10-23 | CVE-2023-33840 | Cross-site Scripting vulnerability in IBM Security Verify Governance 10.0/10.0.1. IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. | 4.8 |
2023-10-16 | CVE-2023-33836 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Governance 10.0/10.0.1. IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
2023-10-16 | CVE-2023-35013 | Exposure of Resource to Wrong Sphere vulnerability in IBM Security Verify Governance 10.0/10.0.1. IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. | 4.4 |
2023-10-16 | CVE-2023-35018 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Verify Governance 10.0/10.0.1. IBM Security Verify Governance 10.0 could allow a privileged user to upload arbitrary files due to improper file validation. | 7.2 |
2023-07-31 | CVE-2023-35016 | Path Traversal vulnerability in IBM Security Verify Governance 10.0. IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. | 6.5 |
2023-07-31 | CVE-2023-35019 | OS Command Injection vulnerability in IBM Security Verify Governance 10.0. IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |