IBM Security Verify Governance

By the Year

In 2026 there have been 0 vulnerabilities in IBM Security Verify Governance. Last year, in 2025, Security Verify Governance had 4 security vulnerabilities published. Right now, Security Verify Governance is on track to have fewer security vulnerabilities in 2026 than it did last year.




Year | Vulnerabilities | Average Score
2026 | 0 | 0.00
2025 | 4 | 6.50
2024 | 1 | 5.90
2023 | 10 | 7.31
2022 | 3 | 6.80

It may take a day or so for new Security Verify Governance vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent IBM Security Verify Governance Security Vulnerabilities

IBM Security Verify Governance 10.0.2 Weak Default Password Policy
CVE-2024-22330 9.8 - Critical - June 06, 2025

IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

Weak Password Requirements

IBM Security Verify Governance 10.0.2 XSS in Web UI
CVE-2023-33844 5.4 - Medium - April 09, 2025

IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS

IBM Security Verify Governance IDM 10.0.2 - Unsalted Hashing Vulnerability
CVE-2023-33838 4.9 - Medium - January 29, 2025

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.

Use of a One-Way Hash without a Salt

IBM Security Verify Governance 10.0.2 IAM Exposes Credentials in Cleartext MitM
CVE-2023-35017 5.9 - Medium - January 29, 2025

IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques.

Cleartext Transmission of Sensitive Information

IBM Security Verify Governance 10.0.2 HSTS Sens. Info Leak
CVE-2023-35888 5.9 - Medium - March 20, 2024

IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375.

IBM Security Verify Governance 10.0 XSS: Arbitrary JS Injection
CVE-2023-33840 4.8 - Medium - October 23, 2023

IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037.

XSS

IBM Security Verify Governance 10.0 RCE via Authenticated Remote Request
CVE-2023-33839 8.8 - High - October 23, 2023

IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036.

Shell injection

IBM SGV10: Missing Encryption for Sensitive Data Before Storage/Transmission
CVE-2023-33837 7.5 - High - October 23, 2023

IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.

Cleartext Transmission of Sensitive Information

IBM Security Verify Governance 10.0 Hard-Coded Credentials
CVE-2022-22466 9.8 - Critical - October 23, 2023

IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222.

Use of Hard-coded Credentials

IBM Security Verify Governance 10.0 hard-coded credentials vulnerability
CVE-2023-33836 9.8 - Critical - October 16, 2023

IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016.

Use of Hard-coded Credentials

Arbitrary File Upload in IBM Security Verify Governance 10.0
CVE-2023-35018 7.2 - High - October 16, 2023

IBM Security Verify Governance 10.0 could allow a privileged user to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382.

Unrestricted File Upload

Local Privileged Info Disclosure in IBM Security Verify Governance 10.0
CVE-2023-35013 4.4 - Medium - October 16, 2023

IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769.

Exposure of Resource to Wrong Sphere

IBM Verify Governance 10.0 Authenticated RCE via Crafted Request
CVE-2023-35019 8.8 - High - July 31, 2023

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873.

Shell injection

IBM Security Verify Governance ID Manager 10.0 Dir Traversal
CVE-2023-35016 6.5 - Medium - July 31, 2023

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772.

Directory traversal

IBM Security Verify Governance 10.0 Plain-Text Credential Leak (Local)
CVE-2022-22470 5.5 - Medium - January 09, 2023

IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232.

Cleartext Storage of Sensitive Information

IBM Security Verify Governance IM 10.01 Remote Info Leak via Technical Error
CVE-2022-22449 5.3 - Medium - December 24, 2022

IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 224915.

Generation of Error Message Containing Sensitive Information

IBM Verify Governance IM 10.0.1 Authenticated User MITM Access Request Abuse
CVE-2022-35646 5.3 - Medium - December 22, 2022

IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096.

Authentication

IBM Verify Governance Identity Manager 10.0 VAP Excess Privilege Operations
CVE-2022-22455 9.8 - Critical - August 17, 2022

IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 224989.
