Weak Password Policy in IBM Security Verify Governance Affects User Account Security
CVE-2024-22330

5.9 MEDIUM

Key Information:

Vendor: IBM

CVE Published: 6 June 2025

What is CVE-2024-22330?

The default password policy in IBM Security Verify Governance version 10.0.2 does not enforce the use of strong passwords. Attackers can exploit the resulting weak passwords, potentially gaining unauthorized access to user accounts. Organizations should be aware of this vulnerability and take immediate steps to enforce a robust password policy to protect their sensitive information and user accounts against unauthorized access.

Affected Version(s)

Security Verify Governance 10.0.2

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
