
CVE-2023-33838 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2023-33838
29 Jan 2025 — IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input. • https://www.ibm.com/support/pages/node/7172200 • CWE-759: Use of a One-Way Hash without a Salt •

CVE-2023-35017 – IBM Security Verify Governance information
https://notcve.org/view.php?id=CVE-2023-35017
29 Jan 2025 — IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques. • https://www.ibm.com/support/pages/node/7172423 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2023-35888 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2023-35888
20 Mar 2024 — IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375. • https://exchange.xforce.ibmcloud.com/vulnerabilities/258375 • CWE-311: Missing Encryption of Sensitive Data •

CVE-2023-33837 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2023-33837
23 Oct 2023 — IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. • https://exchange.xforce.ibmcloud.com/vulnerabilities/256020 • CWE-311: Missing Encryption of Sensitive Data • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2023-33839 – IBM Security Verify Governance command execution
https://notcve.org/view.php?id=CVE-2023-33839
23 Oct 2023 — IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036. • https://exchange.xforce.ibmcloud.com/vulnerabilities/256036 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2022-22466 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2022-22466
23 Oct 2023 — IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222. • https://exchange.xforce.ibmcloud.com/vulnerabilities/225222 • CWE-798: Use of Hard-coded Credentials •

CVE-2023-33840 – IBM Security Verify Governance cross-site scripting
https://notcve.org/view.php?id=CVE-2023-33840
23 Oct 2023 — IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037. • https://exchange.xforce.ibmcloud.com/vulnerabilities/256037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-33836 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2023-33836
16 Oct 2023 — IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016. • https://exchange.xforce.ibmcloud.com/vulnerabilities/256016 • CWE-798: Use of Hard-coded Credentials •

CVE-2023-35018 – IBM Security Verify Governance file upload
https://notcve.org/view.php?id=CVE-2023-35018
15 Oct 2023 — IBM Security Verify Governance 10.0 could allow a privileged user to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259382 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2023-35013 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2023-35013
15 Oct 2023 — IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257769 • CWE-540: Inclusion of Sensitive Information in Source Code • CWE-668: Exposure of Resource to Wrong Sphere •