Vulnerabilities > IBM > Security Verify Governance > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-23 CVE-2023-33837 Unspecified vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission.
network
low complexity
ibm
7.5
2023-10-23 CVE-2023-33839 OS Command Injection vulnerability in IBM Security Verify Governance 10.0/10.0.1
IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
8.8
2023-10-16 CVE-2023-35018 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Verify Governance 10.0/10.0.1
IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation.
network
low complexity
ibm CWE-434
7.2
2023-07-31 CVE-2023-35019 OS Command Injection vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
8.8
2023-01-26 CVE-2022-22462 Unspecified vulnerability in IBM Security Verify Governance 10.0.1
IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm
7.5
2022-12-22 CVE-2022-22461 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Governance 10.0.1
IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2022-07-14 CVE-2022-22452 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
2022-07-14 CVE-2022-22453 Inadequate Encryption Strength vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2022-07-14 CVE-2022-22460 Unspecified vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system.
network
low complexity
ibm
7.5