CVE-2023-35017

Published: Jan 29, 2025Modified: Mar 4, 2025

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: psirt@us.ibm.com (Secondary)

Description

IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques.

Affected (1)

Products: Ibm: Security Verify Governance

Ibm

1 product

Security Verify Governance

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Security Verify Governance	Version 10.0.2

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (1)

https://www.ibm.com/support/pages/node/7172423

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.