Ibm: >> Security Verify Governance >> 10.0.2 Security Vulnerabilities
IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-08-28
IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVSS Score
5.9
EPSS Score
0.001
Published
2025-06-06
IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-04-09
IBM Security Verify Governance 10.0.2 Identity Manager
uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.
CVSS Score
4.4
EPSS Score
0.0
Published
2025-01-29
IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-01-29
IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375.
CVSS Score
5.9
EPSS Score
0.0
Published
2024-03-20