CVE-2023-33838

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7172200	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:security_verify_governance:10.0.2:*:*:*:*:*:*:*

History

04 Mar 2025, 21:58

Type	Values Removed	Values Added
CWE		CWE-916
References	~~() https://www.ibm.com/support/pages/node/7172200 -~~	() https://www.ibm.com/support/pages/node/7172200 - Vendor Advisory
Summary		(es) IBM Security Verify Governance 10.0.2 Identity Manager utiliza un hash criptográfico unidireccional contra una entrada que no debe ser reversible, como una contraseña, pero el producto no utiliza una sal como parte de la entrada.
CPE		cpe:2.3:a:ibm:security_verify_governance:10.0.2:::::::*
First Time		Ibm security Verify Governance Ibm

29 Jan 2025, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-29 02:15

Updated : 2025-03-04 21:58

NVD link : CVE-2023-33838

Mitre link : CVE-2023-33838

CVE.ORG link : CVE-2023-33838

JSON object : View

Products Affected

ibm

security_verify_governance

CWE

CWE-759

Use of a One-Way Hash without a Salt

CWE-916

Use of Password Hash With Insufficient Computational Effort

{"id": "CVE-2023-33838", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2025-01-29T02:15:26.640", "references": [{"url": "https://www.ibm.com/support/pages/node/7172200", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-759"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-916"}]}], "descriptions": [{"lang": "en", "value": "IBM Security Verify Governance 10.0.2 Identity Manager \n\nuses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input."}, {"lang": "es", "value": "IBM Security Verify Governance 10.0.2 Identity Manager utiliza un hash criptogr\u00e1fico unidireccional contra una entrada que no debe ser reversible, como una contrase\u00f1a, pero el producto no utiliza una sal como parte de la entrada."}], "lastModified": "2025-03-04T21:58:37.043", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_verify_governance:10.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0412C4E-CCDF-4DAE-88B2-1D006F696ED7"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}

4.4 /10