cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-35016,https://securityvulnerability.io/vulnerability/CVE-2023-35016,IBM Security Verify Governance path traversal,"IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system.  IBM X-Force ID:  257772.",IBM,"Security Verify Governance, Identity Manager",6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-07-31T01:15:00.000Z,0
CVE-2023-35019,https://securityvulnerability.io/vulnerability/CVE-2023-35019,IBM Security Verify Governance command execution,"IBM Security Verify Governance and Identity Manager 10.0 are susceptible to a vulnerability that allows remote authenticated attackers to execute arbitrary commands. By sending specially crafted requests, attackers can manipulate system operations, potentially leading to unauthorized actions and compromising system integrity. Users of these products should take immediate action to apply security updates and prevent exploitation.",IBM,"Security Verify Governance, Identity Manager",7.2,HIGH,0.0012600000482052565,false,,false,false,false,,,false,false,,2023-07-31T01:15:00.000Z,0
CVE-2022-22449,https://securityvulnerability.io/vulnerability/CVE-2022-22449,"IBM Security Verify Governance, Identity Manager information disclosure","IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.  This information could be used in further attacks against the system.  IBM X-Force ID:  224915.",IBM,"Security Verify Governance, Identity Manager",5.3,MEDIUM,0.0009899999713525176,false,,false,false,false,,,false,false,,2022-12-22T21:26:07.329Z,0
CVE-2022-22457,https://securityvulnerability.io/vulnerability/CVE-2022-22457,"IBM Security Verify Governance, Identity Manager information disclosure","IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user.  IBM X-Force ID:  225007.",IBM,"Security Verify Governance, Identity Manager",5.3,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-12-22T21:20:51.390Z,0
CVE-2022-22458,https://securityvulnerability.io/vulnerability/CVE-2022-22458,"IBM Security Verify Governance, Identity Manager information disclosure","
IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009.

",IBM,"Security Verify Governance, Identity Manager",6.3,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2022-12-22T21:14:32.564Z,0
CVE-2022-22456,https://securityvulnerability.io/vulnerability/CVE-2022-22456,"IBM Security Verify Governance, Identity Manager cross-site scripting","
IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225004.

",IBM,"Security Verify Governance, Identity Manager",4.2,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-12-22T21:08:16.555Z,0
CVE-2022-22461,https://securityvulnerability.io/vulnerability/CVE-2022-22461,"IBM Security Verify Governance, Identity Manager information disclosure ","
IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225007.

",IBM,"Security Verify Governance, Identity Manager",5.9,MEDIUM,0.001019999966956675,false,,false,false,false,,,false,false,,2022-12-22T19:39:32.078Z,0
CVE-2022-35646,https://securityvulnerability.io/vulnerability/CVE-2022-35646,"IBM Security Verify Governance, Identity Manager security bypass","
IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096.

 ",IBM,"Security Verify Governance, Identity Manager",5.9,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2022-12-22T19:08:08.335Z,0
CVE-2021-29864,https://securityvulnerability.io/vulnerability/CVE-2021-29864,Open Redirect Vulnerability in IBM Security Identity Manager,IBM Security Identity Manager versions 6.0 and 6.0.2 contain a vulnerability that allows remote attackers to perform phishing attacks through open redirects. Attackers can trick victims into visiting a malicious site that appears legitimate by spoofing the URL. This exploitation can lead to the theft of sensitive information or further assaults on the user. It is crucial for users of affected versions to take preventive measures to mitigate risks associated with this vulnerability.,IBM,Security Identity Manager,6.8,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2022-08-30T19:15:00.000Z,0
CVE-2021-20574,https://securityvulnerability.io/vulnerability/CVE-2021-20574,,"IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and takeover other accounts. IBM X-Force ID: 199252.",IBM,Security Identity Manager Adapters,7.5,HIGH,0.001339999958872795,false,,false,false,false,,,false,false,,2021-06-28T16:15:00.000Z,0
CVE-2021-20494,https://securityvulnerability.io/vulnerability/CVE-2021-20494,,"IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds. An authenticared user could overflow the buffer and cause the service to crash. IBM X-Force ID: 197882.",IBM,Security Identity Manager Adapters,6.5,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2021-06-28T16:15:00.000Z,0
CVE-2021-20573,https://securityvulnerability.io/vulnerability/CVE-2021-20573,,"IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the server to crash. IBM X-Force ID: 199249.",IBM,Security Identity Manager Adapters,6.5,MEDIUM,0.0015300000086426735,false,,false,false,false,,,false,false,,2021-06-28T16:15:00.000Z,0
CVE-2021-20572,https://securityvulnerability.io/vulnerability/CVE-2021-20572,,"IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the server to crash. IBM X-Force ID: 199247.",IBM,Security Identity Manager Adapters,6.5,MEDIUM,0.0015300000086426735,false,,false,false,false,,,false,false,,2021-06-28T16:15:00.000Z,0
CVE-2021-20488,https://securityvulnerability.io/vulnerability/CVE-2021-20488,,IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789.,IBM,Security Identity Manager,7.5,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2021-06-16T17:15:00.000Z,0
CVE-2021-20483,https://securityvulnerability.io/vulnerability/CVE-2021-20483,,"IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591.",IBM,Security Identity Manager,5.3,MEDIUM,0.0011899999808520079,false,,false,false,false,,,false,false,,2021-06-16T17:15:00.000Z,0
CVE-2021-29692,https://securityvulnerability.io/vulnerability/CVE-2021-29692,,"IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 200253.",IBM,Security Identity Manager,3.1,LOW,0.0022700000554323196,false,,false,false,false,,,false,false,,2021-05-20T15:15:00.000Z,0
CVE-2021-29687,https://securityvulnerability.io/vulnerability/CVE-2021-29687,,IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018,IBM,Security Identity Manager,3.7,LOW,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-05-20T15:15:00.000Z,0
CVE-2021-29691,https://securityvulnerability.io/vulnerability/CVE-2021-29691,,"IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252.",IBM,Security Identity Manager,5.9,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2021-05-20T15:15:00.000Z,0
CVE-2021-29682,https://securityvulnerability.io/vulnerability/CVE-2021-29682,,IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997,IBM,Security Identity Manager,5.3,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-05-20T15:15:00.000Z,0
CVE-2021-29683,https://securityvulnerability.io/vulnerability/CVE-2021-29683,,IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998.,IBM,Security Identity Manager,5.3,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2021-05-20T15:15:00.000Z,0
CVE-2021-29686,https://securityvulnerability.io/vulnerability/CVE-2021-29686,,IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015,IBM,Security Identity Manager,5.4,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2021-05-20T15:15:00.000Z,0
CVE-2021-29688,https://securityvulnerability.io/vulnerability/CVE-2021-29688,,IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102.,IBM,Security Identity Manager,5.3,MEDIUM,0.0015800000401213765,false,,false,false,false,,,false,false,,2021-05-20T15:15:00.000Z,0
CVE-2019-4676,https://securityvulnerability.io/vulnerability/CVE-2019-4676,,IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512.,IBM,Security Identity Manager Virtual Appliance,6.3,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-07-01T15:15:00.000Z,0
CVE-2019-4704,https://securityvulnerability.io/vulnerability/CVE-2019-4704,,IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014.,IBM,Security Identity Manager Virtual Appliance,3.7,LOW,0.0007999999797903001,false,,false,false,false,,,false,false,,2020-07-01T15:15:00.000Z,0
CVE-2019-4706,https://securityvulnerability.io/vulnerability/CVE-2019-4706,,IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016.,IBM,Security Identity Manager Virtual Appliance,2.7,LOW,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-07-01T15:15:00.000Z,0