Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-33838

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-29 Jan, 2025 | 01:22
Updated At-12 Feb, 2025 | 16:46
Rejected At-
Credits

IBM Security Verify Governance information disclosure

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:29 Jan, 2025 | 01:22
Updated At:12 Feb, 2025 | 16:46
Rejected At:
▼CVE Numbering Authority (CNA)
IBM Security Verify Governance information disclosure

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.

Affected Products
Vendor
IBM CorporationIBM
Product
Security Verify Governance
CPEs
  • cpe:2.3:a:ibm:security_verify_governance:10.0.2:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • 10.0.2
Problem Types
TypeCWE IDDescription
CWECWE-759CWE-759 Use of a One-Way Hash without a Salt
Type: CWE
CWE ID: CWE-759
Description: CWE-759 Use of a One-Way Hash without a Salt
Metrics
VersionBase scoreBase severityVector
3.14.4MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7172200
vendor-advisory
Hyperlink: https://www.ibm.com/support/pages/node/7172200
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:29 Jan, 2025 | 02:15
Updated At:04 Mar, 2025 | 21:58

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.4MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CPE Matches
IBM Corporation
ibm
>>security_verify_governance>>10.0.2
cpe:2.3:a:ibm:security_verify_governance:10.0.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-759Primarypsirt@us.ibm.com
CWE-916Secondarynvd@nist.gov
CWE ID: CWE-759
Type: Primary
Source: psirt@us.ibm.com
CWE ID: CWE-916
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7172200psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7172200
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

52Records found
CVE-2022-40295
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-4.9||MEDIUM
EPSS-0.04% / 11.81%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 20:08
Updated-03 Aug, 2024 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated sensitive information disclosure in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.

The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.

Action-Not Available
Vendor-phppointofsalePHP Point of Sale LLC
Product-php_point_of_salePHP Point of Sale
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2024-8453
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.08% / 24.45%
||
7 Day CHG~0.00%
Published-30 Sep, 2024 | 07:12
Updated-04 Oct, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PLANET Technology switch devices - Weak hash for users' passwords

Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.

Action-Not Available
Vendor-planetPLANET Technology
Product-gs-4210-24p2s_firmwaregs-4210-24pl4cgs-4210-24pl4c_firmwaregs-4210-24p2sGS-4210-24P2S hardware 3.0GS-4210-24PL4C hardware 2.0
CWE ID-CWE-759
Use of a One-Way Hash without a Salt
CWE ID-CWE-328
Use of Weak Hash
  • Previous
  • 1
  • 2
  • Next
Details not found