Ibm Security Verify Governance — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Security Verify Governance, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2022-22455 — CVSS 9.8 (critical): IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher…
CVE-2022-22452 — CVSS 7.5 (high): IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force…
CVE-2022-22453 — CVSS 7.5 (high): IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly…
CVE-2022-22460 — CVSS 7.5 (high): IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further…
CVE-2025-36003 — CVSS 7.5 (high): IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed…
CVE-2023-35019 — CVSS 7.2 (high): IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the…
CVE-2023-33839 — CVSS 7.2 (high): IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a…
CVE-2022-22466 — CVSS 6.8 (medium): IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own…
CVE-2023-35016 — CVSS 6.5 (medium): IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker…
CVE-2022-22458 — CVSS 6.3 (medium): IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote…
CVE-2023-35888 — CVSS 5.9 (medium): IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly…
CVE-2022-22461 — CVSS 5.9 (medium): IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to…
CVE-2022-35646 — CVSS 5.9 (medium): IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other…
CVE-2024-22330 — CVSS 5.9 (medium): IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for…
CVE-2023-35017 — CVSS 5.9 (medium): IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker…
CVE-2023-33844 — CVSS 5.4 (medium): IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2023-33836 — CVSS 5.3 (medium): IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own…
CVE-2022-22457 — CVSS 5.3 (medium): IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which…
CVE-2022-22449 — CVSS 5.3 (medium): IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed…
CVE-2023-33840 — CVSS 4.8 (medium): IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2023-33838 — CVSS 4.4 (medium): IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible…
CVE-2022-22456 — CVSS 4.2 (medium): IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2022-22470 — CVSS 4.1 (medium): IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232.
CVE-2023-33837 — CVSS 4.1 (medium): IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID…
CVE-2022-22450 — CVSS 3.8 (low): IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an…
CVE-2023-35018 — CVSS 3.3 (low): IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID…
CVE-2023-35013 — CVSS 2.3 (low): IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code…