CVE-2023-33838

Medium

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible,…

ibm·CWE-759·Published 2025-01-29

CVSS

4.9

EPSS

0.00

KEV

Exploits

Vendor statements (1)

ibm.com

cve.orgen

221 chars

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.

NVDes

229 chars

IBM Security Verify Governance 10.0.2 Identity Manager utiliza un hash criptográfico unidireccional contra una entrada que no debe ser reversible, como una contraseña, pero el producto no utiliza una sal como parte de la entrada.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
3.1	Primary	cve.org	4.4	—	—	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
3.1	Secondary	NVD	4.4	0.7	3.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N