Vulnerabilities > IBM > Security Verify Governance > 10.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-23 | CVE-2022-22466 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Governance 10.0/10.0.1 IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2023-10-23 | CVE-2023-33839 | OS Command Injection vulnerability in IBM Security Verify Governance 10.0/10.0.1 IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2023-10-23 | CVE-2023-33840 | Cross-site Scripting vulnerability in IBM Security Verify Governance 10.0/10.0.1 IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. | 4.8 |
| 2023-10-16 | CVE-2023-33836 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Governance 10.0/10.0.1 IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2023-10-16 | CVE-2023-35013 | Exposure of Resource to Wrong Sphere vulnerability in IBM Security Verify Governance 10.0/10.0.1 IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. | 4.4 |
| 2023-10-16 | CVE-2023-35018 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Verify Governance 10.0/10.0.1 IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. | 7.2 |
| 2023-01-26 | CVE-2022-22462 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Governance 10.0.1 IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2022-12-24 | CVE-2022-22449 | Information Exposure Through an Error Message vulnerability in IBM Security Verify Governance 10.0.1 IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2022-12-22 | CVE-2022-22456 | Cross-site Scripting vulnerability in IBM Security Verify Governance 10.0.1 IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. | 6.1 |
| 2022-12-22 | CVE-2022-22457 | Cleartext Storage of Sensitive Information vulnerability in IBM Security Verify Governance 10.0.1 IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. | 4.4 |