Vulnerabilities > IBM > Security Verify Governance

DATE CVE VULNERABILITY TITLE RISK
2023-10-23 CVE-2022-22466 Use of Hard-coded Credentials vulnerability in IBM Security Verify Governance 10.0/10.0.1
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
9.8
2023-10-23 CVE-2023-33837 Unspecified vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission.
network
low complexity
ibm
7.5
2023-10-23 CVE-2023-33839 OS Command Injection vulnerability in IBM Security Verify Governance 10.0/10.0.1
IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
8.8
2023-10-23 CVE-2023-33840 Cross-site Scripting vulnerability in IBM Security Verify Governance 10.0/10.0.1
IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
4.8
2023-10-16 CVE-2023-33836 Use of Hard-coded Credentials vulnerability in IBM Security Verify Governance 10.0/10.0.1
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
9.8
2023-10-16 CVE-2023-35013 Exposure of Resource to Wrong Sphere vulnerability in IBM Security Verify Governance 10.0/10.0.1
IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code.
local
low complexity
ibm CWE-668
4.4
2023-10-16 CVE-2023-35018 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Verify Governance 10.0/10.0.1
IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation.
network
low complexity
ibm CWE-434
7.2
2023-07-31 CVE-2023-35016 Path Traversal vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
6.5
2023-07-31 CVE-2023-35019 OS Command Injection vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
8.8
2023-01-26 CVE-2022-22462 Unspecified vulnerability in IBM Security Verify Governance 10.0.1
IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm
7.5