cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-33838,https://securityvulnerability.io/vulnerability/CVE-2023-33838,Cryptographic Weakness in IBM Security Verify Governance Identity Manager,"IBM Security Verify Governance, specifically version 10.0.2, is affected by a vulnerability due to the use of a one-way cryptographic hash for sensitive data, such as passwords, without incorporating a salt. This oversight reduces the effectiveness of the hashing mechanism, potentially exposing user credentials to reversible attacks. Proper cryptographic practices mandate the use of salts in conjunction with hashes to enhance security, and the absence of this can lead to increased risks for password-related exploits.",IBM,Security Verify Governance,4.4,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,false,,2025-01-29T01:22:19.102Z,0
CVE-2023-35017,https://securityvulnerability.io/vulnerability/CVE-2023-35017,Clear Text Credential Transmission in IBM Security Verify Governance 10.0.2,"IBM Security Verify Governance 10.0.2 contains a vulnerability where user credentials are transmitted in clear text. This transmission is susceptible to interception by attackers utilizing man-in-the-middle techniques, posing a significant risk to user data integrity and confidentiality. It is crucial for organizations using this product to implement security measures that protect sensitive information from unauthorized access.",IBM,Security Verify Governance,5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-29T00:00:14.545Z,0
CVE-2023-35888,https://securityvulnerability.io/vulnerability/CVE-2023-35888,IBM Security Verify Governance Vulnerability Could Lead to Sensitive Information Theft,"The vulnerability in IBM Security Verify Governance 10.0.2 arises from the improper configuration of HTTP Strict Transport Security (HSTS), which can leave the product exposed to potential exploitation. A remote attacker may leverage this flaw to execute man-in-the-middle attacks, thereby gaining unauthorized access to sensitive information transmitted over the network. This vulnerability emphasizes the importance of properly configuring security protocols to safeguard data integrity and confidentiality.",IBM,Security Verify Governance,5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-03-20T13:25:12.617Z,0
CVE-2023-33840,https://securityvulnerability.io/vulnerability/CVE-2023-33840,IBM Security Verify Governance cross-site scripting,IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037.,IBM,Security Verify Governance,4.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2023-10-23T20:15:00.000Z,0
CVE-2023-33837,https://securityvulnerability.io/vulnerability/CVE-2023-33837,IBM Security Verify Governance information disclosure,"IBM Security Verify Governance 10.0 lacks sufficient encryption for sensitive and critical information during both storage and transmission, which poses a serious risk of unauthorized access to confidential data. The absence of proper encryption mechanisms may expose users to data breaches. Organizations using this product are advised to take immediate action to mitigate potential risks.",IBM,Security Verify Governance,7.5,HIGH,0.001069999998435378,false,,false,false,false,,,false,false,,2023-10-23T20:15:00.000Z,0
CVE-2023-33839,https://securityvulnerability.io/vulnerability/CVE-2023-33839,IBM Security Verify Governance command execution,"A vulnerability in IBM Security Verify Governance 10.0 allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. This flaw can potentially lead to unauthorized access and manipulation of sensitive data, making it crucial for users to apply the latest security updates and patches. Organizations utilizing this product must remain vigilant and implement robust security measures to mitigate the risk of exploitation.",IBM,Security Verify Governance,7.2,HIGH,0.001290000043809414,false,,false,false,false,,,false,false,,2023-10-23T20:15:00.000Z,0
CVE-2022-22466,https://securityvulnerability.io/vulnerability/CVE-2022-22466,IBM Security Verify Governance information disclosure,"IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222.",IBM,Security Verify Governance,6.8,MEDIUM,0.0016299999551847577,false,,false,false,false,,,false,false,,2023-10-23T19:42:53.793Z,0
CVE-2023-33836,https://securityvulnerability.io/vulnerability/CVE-2023-33836,IBM Security Verify Governance information disclosure,"IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016.",IBM,Security Verify Governance,5.3,MEDIUM,0.0016299999551847577,false,,false,false,false,,,false,false,,2023-10-16T01:15:00.000Z,0
CVE-2023-35013,https://securityvulnerability.io/vulnerability/CVE-2023-35013,IBM Security Verify Governance information disclosure,"IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769.",IBM,Security Verify Governance,2.3,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-16T00:15:00.000Z,0
CVE-2023-35018,https://securityvulnerability.io/vulnerability/CVE-2023-35018,IBM Security Verify Governance file upload,IBM Security Verify Governance 10.0 could allow a privileged user to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382.,IBM,Security Verify Governance,3.3,LOW,0.0008399999933317304,false,,false,false,false,,,false,false,,2023-10-16T00:15:00.000Z,0
CVE-2023-35016,https://securityvulnerability.io/vulnerability/CVE-2023-35016,IBM Security Verify Governance path traversal,"IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772.",IBM,"Security Verify Governance, Identity Manager",6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-07-31T01:15:00.000Z,0
CVE-2023-35019,https://securityvulnerability.io/vulnerability/CVE-2023-35019,IBM Security Verify Governance command execution,"IBM Security Verify Governance and Identity Manager 10.0 are susceptible to a vulnerability that allows remote authenticated attackers to execute arbitrary commands. By sending specially crafted requests, attackers can manipulate system operations, potentially leading to unauthorized actions and compromising system integrity. Users of these products should take immediate action to apply security updates and prevent exploitation.",IBM,"Security Verify Governance, Identity Manager",7.2,HIGH,0.0012600000482052565,false,,false,false,false,,,false,false,,2023-07-31T01:15:00.000Z,0
CVE-2022-22462,https://securityvulnerability.io/vulnerability/CVE-2022-22462,"IBM Security Verify Governance, Identity Manager virtual appliance component information disclosure","IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078.",IBM,Security Verify Governance,3.7,LOW,0.001019999966956675,false,,false,false,false,,,false,false,,2023-01-26T21:15:00.000Z,0
CVE-2022-22470,https://securityvulnerability.io/vulnerability/CVE-2022-22470,IBM Security Verify Governance information disclosure,"IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232.",IBM,Security Verify Governance,4.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-01-09T08:15:00.000Z,0
CVE-2022-22449,https://securityvulnerability.io/vulnerability/CVE-2022-22449,"IBM Security Verify Governance, Identity Manager information disclosure","IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 224915.",IBM,"Security Verify Governance, Identity Manager",5.3,MEDIUM,0.0009899999713525176,false,,false,false,false,,,false,false,,2022-12-22T21:26:07.329Z,0
CVE-2022-22457,https://securityvulnerability.io/vulnerability/CVE-2022-22457,"IBM Security Verify Governance, Identity Manager information disclosure","IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 225007.",IBM,"Security Verify Governance, Identity Manager",5.3,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-12-22T21:20:51.390Z,0
CVE-2022-22458,https://securityvulnerability.io/vulnerability/CVE-2022-22458,"IBM Security Verify Governance, Identity Manager information disclosure","IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009.",IBM,"Security Verify Governance, Identity Manager",6.3,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2022-12-22T21:14:32.564Z,0
CVE-2022-22456,https://securityvulnerability.io/vulnerability/CVE-2022-22456,"IBM Security Verify Governance, Identity Manager cross-site scripting","IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225004.",IBM,"Security Verify Governance, Identity Manager",4.2,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-12-22T21:08:16.555Z,0
CVE-2022-22461,https://securityvulnerability.io/vulnerability/CVE-2022-22461,"IBM Security Verify Governance, Identity Manager information disclosure","IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225007.",IBM,"Security Verify Governance, Identity Manager",5.9,MEDIUM,0.001019999966956675,false,,false,false,false,,,false,false,,2022-12-22T19:39:32.078Z,0
CVE-2022-35646,https://securityvulnerability.io/vulnerability/CVE-2022-35646,"IBM Security Verify Governance, Identity Manager security bypass","IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096.",IBM,"Security Verify Governance, Identity Manager",5.9,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2022-12-22T19:08:08.335Z,0
CVE-2022-22455,https://securityvulnerability.io/vulnerability/CVE-2022-22455,Privilege Escalation in IBM Security Verify Governance Identity Manager,"The IBM Security Verify Governance Identity Manager 10.0 virtual appliance contains a vulnerability that allows operations to be executed at a privilege level exceeding the necessary minimum. This flaw may result in the introduction of new weaknesses or exacerbate the effects of existing vulnerabilities, posing a significant security risk to organizations utilizing this identity management product.",IBM,Security Verify Governance,2.3,LOW,0.0014299999456852674,false,,false,false,false,,,false,false,,2022-08-17T16:15:00.000Z,0
CVE-2022-22450,https://securityvulnerability.io/vulnerability/CVE-2022-22450,File Upload Vulnerability in IBM Security Verify Identity Manager,"IBM Security Verify Identity Manager version 10.0 is susceptible to a file upload vulnerability, which could be exploited by a privileged user to upload malicious files. This occurs due to inadequate security measures in handling file extensions within HTTP requests, potentially allowing unauthorized access and manipulation of sensitive data.",IBM,Security Verify Governance,3.8,LOW,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-14T18:15:00.000Z,0
CVE-2022-22460,https://securityvulnerability.io/vulnerability/CVE-2022-22460,Information Disclosure Vulnerability in IBM Security Verify Identity Manager,"IBM Security Verify Identity Manager version 10.0 has revealed sensitive information in its source code repository. This exposure can be exploited to compromise system security, potentially leading to unauthorized access or further attacks against the identity management systems. Organizations using this version should assess their security posture and take immediate action to mitigate potential risks.",IBM,Security Verify Governance,3,LOW,0.001019999966956675,false,,false,false,false,,,false,false,,2022-07-14T18:15:00.000Z,0
CVE-2022-22452,https://securityvulnerability.io/vulnerability/CVE-2022-22452,Inadequate Account Lockout Settings in IBM Security Verify Identity Manager,"IBM Security Verify Identity Manager version 10.0 has a vulnerability related to inadequate account lockout settings. This flaw could be exploited by remote attackers, enabling them to conduct brute force attacks and gain unauthorized access to user accounts. Ensuring strong account lockout measures is crucial to mitigate potential security risks associated with this vulnerability.",IBM,Security Verify Governance,5.3,MEDIUM,0.0015200000489130616,false,,false,false,false,,,false,false,,2022-07-14T18:15:00.000Z,0
CVE-2022-22453,https://securityvulnerability.io/vulnerability/CVE-2022-22453,Weak Cryptographic Algorithms in IBM Security Verify Identity Manager,"IBM Security Verify Identity Manager 10.0 employs cryptographic algorithms that are weaker than expected, potentially enabling an attacker to decrypt sensitive information. This vulnerability compromises data integrity and confidentiality, posing significant risks to organizations relying on secure identity management solutions.",IBM,Security Verify Governance,5.1,MEDIUM,0.001019999966956675,false,,false,false,false,,,false,false,,2022-07-13T00:00:00.000Z,0