PT-2023-24511 · IBM · IBM Security Verify Governance

Published 2023-10-16 · Updated 2023-10-19 · CVE-2023-33836

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM Security Verify Governance version 10.0

Description

The issue concerns hard-coded credentials, such as a password or cryptographic key, used by IBM Security Verify Governance for inbound authentication, outbound communication to external components, or encryption of internal data.

Recommendations

For IBM Security Verify Governance version 10.0, consider changing the hard-coded credentials, such as passwords or cryptographic keys, to configurable or dynamically generated ones to minimize the risk of exploitation. As a temporary workaround, restrict access to components that utilize these hard-coded credentials until a more permanent solution is implemented.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2023-33836

Affected Products

IBM Security Verify Governance