IBM Security Verify Governance
By the Year
In 2024 there have been 0 vulnerabilities in IBM Security Verify Governance . Last year Security Verify Governance had 10 security vulnerabilities published. Right now, Security Verify Governance is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 10 | 7.31 |
2022 | 1 | 9.80 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Security Verify Governance vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Security Verify Governance Security Vulnerabilities
IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting
CVE-2023-33840
4.8 - Medium
- October 23, 2023
IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037.
XSS
IBM Security Verify Governance 10.0 could
CVE-2023-33839
8.8 - High
- October 23, 2023
IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036.
Shell injection
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission
CVE-2023-33837
7.5 - High
- October 23, 2023
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.
Missing Encryption of Sensitive Data
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key
CVE-2022-22466
9.8 - Critical
- October 23, 2023
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222.
Use of Hard-coded Credentials
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key
CVE-2023-33836
9.8 - Critical
- October 16, 2023
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016.
Use of Hard-coded Credentials
IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation
CVE-2023-35018
7.2 - High
- October 16, 2023
IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382.
Unrestricted File Upload
IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code
CVE-2023-35013
4.4 - Medium
- October 16, 2023
IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769.
Exposure of Resource to Wrong Sphere
IBM Security Verify Governance, Identity Manager 10.0 could
CVE-2023-35019
8.8 - High
- July 31, 2023
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873.
Shell injection
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system
CVE-2023-35016
6.5 - Medium
- July 31, 2023
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772.
Directory traversal
IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user
CVE-2022-22470
5.5 - Medium
- January 09, 2023
IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232.
Cleartext Storage of Sensitive Information
IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level
CVE-2022-22455
9.8 - Critical
- August 17, 2022
IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 224989.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Security Verify Governance or by IBM? Click the Watch button to subscribe.