IBM Security Verify Governance
By the Year
In 2024 there have been 0 vulnerabilities in IBM Security Verify Governance . Last year Security Verify Governance had 10 security vulnerabilities published. Right now, Security Verify Governance is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 10 | 7.31 |
| 2022 | 1 | 9.80 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Security Verify Governance vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Security Verify Governance Security Vulnerabilities
IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting
CVE-2023-33840
4.8 - Medium
- October 23, 2023
IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037.
XSS
IBM Security Verify Governance 10.0 could
CVE-2023-33839
8.8 - High
- October 23, 2023
IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036.
Shell injection
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission
CVE-2023-33837
7.5 - High
- October 23, 2023
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.
Missing Encryption of Sensitive Data
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key
CVE-2022-22466
9.8 - Critical
- October 23, 2023
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222.
Use of Hard-coded Credentials
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key
CVE-2023-33836
9.8 - Critical
- October 16, 2023
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016.
Use of Hard-coded Credentials
IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation
CVE-2023-35018
7.2 - High
- October 16, 2023
IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382.
Unrestricted File Upload
IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code
CVE-2023-35013
4.4 - Medium
- October 16, 2023
IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769.
Exposure of Resource to Wrong Sphere
IBM Security Verify Governance, Identity Manager 10.0 could
CVE-2023-35019
8.8 - High
- July 31, 2023
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873.
Shell injection
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system
CVE-2023-35016
6.5 - Medium
- July 31, 2023
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772.
Directory traversal
IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user
CVE-2022-22470
5.5 - Medium
- January 09, 2023
IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232.
Cleartext Storage of Sensitive Information
IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level
CVE-2022-22455
9.8 - Critical
- August 17, 2022
IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 224989.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Security Verify Governance or by IBM? Click the Watch button to subscribe.
