IBM Security Verify Governance Vulnerability Could Lead to Sensitive Information Theft
CVE-2023-35888

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Security Verify Governance
Vendor: CVE Published:; 20 March 2024

Summary

The vulnerability in IBM Security Verify Governance 10.0.2 arises from the improper configuration of HTTP Strict Transport Security (HSTS), which can leave the product exposed to potential exploitation. A remote attacker may leverage this flaw to execute man-in-the-middle attacks, thereby gaining unauthorized access to sensitive information transmitted over the network. This vulnerability emphasizes the importance of properly configuring security protocols to safeguard data integrity and confidentiality.

Affected Version(s)

Security Verify Governance 10.0.2

References

https://www.ibm.com/support/pages/node/7144228

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/258375

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 20, 2024
Vulnerability Reserved
Jun 20, 2023