CVE-2023-35888 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2023-35888
IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375. • https://exchange.xforce.ibmcloud.com/vulnerabilities/258375 https://www.ibm.com/support/pages/node/7144228 • CWE-311: Missing Encryption of Sensitive Data
CVE-2023-33837 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2023-33837
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. • https://exchange.xforce.ibmcloud.com/vulnerabilities/256020 https://www.ibm.com/support/pages/node/7057377 • CWE-311: Missing Encryption of Sensitive Data CWE-319: Cleartext Transmission of Sensitive Information
CVE-2023-33839 – IBM Security Verify Governance command execution
https://notcve.org/view.php?id=CVE-2023-33839
IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036. • https://exchange.xforce.ibmcloud.com/vulnerabilities/256036 https://www.ibm.com/support/pages/node/7057377 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-22466 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2022-22466
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222. • https://exchange.xforce.ibmcloud.com/vulnerabilities/225222 https://www.ibm.com/support/pages/node/7057377 • CWE-798: Use of Hard-coded Credentials
CVE-2023-33840 – IBM Security Verify Governance cross-site scripting
https://notcve.org/view.php?id=CVE-2023-33840
IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037. • https://exchange.xforce.ibmcloud.com/vulnerabilities/256037 https://www.ibm.com/support/pages/node/7057377 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')