IBM Security Verify Governance Vulnerability Could Lead to Sensitive Information Theft
CVE-2023-35888

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Security Verify Governance
Vendor: CVE Published:; 20 March 2024

What is CVE-2023-35888?

The vulnerability in IBM Security Verify Governance 10.0.2 arises from the improper configuration of HTTP Strict Transport Security (HSTS), which can leave the product exposed to potential exploitation. A remote attacker may leverage this flaw to execute man-in-the-middle attacks, thereby gaining unauthorized access to sensitive information transmitted over the network. This vulnerability emphasizes the importance of properly configuring security protocols to safeguard data integrity and confidentiality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Security Verify Governance 10.0.2

References

https://www.ibm.com/support/pages/node/7144228

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/258375

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 20, 2024
Vulnerability Reserved
Jun 20, 2023

JSON

IBM

What is CVE-2023-35888?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.