PT-2024-10440 · IBM · IBM Security Verify Governance

Published: 2024-10-07 · Updated: 2025-01-29 · CVE-2023-35017

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Security Verify Governance 10.0.2 Identity Manager

Description

The Identity Manager component transmits user credentials in clear text, where an attacker using man-in-the-middle techniques could obtain them. This could allow a remote attacker to intercept and exploit the credentials. The vulnerability is associated with the storage of service data in an open manner.

Recommendations

For IBM Security Verify Governance 10.0.2 Identity Manager, consider disabling the transmission of user credentials in clear text until a patch is available. Restrict access to sensitive data and minimize the risk of exploitation by implementing additional security measures, such as encryption and secure communication protocols.

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

BDU:2025-00979
CVE-2023-35017

Affected Products

IBM Security Verify Governance