CVE-2024-22330: IBM Security Verify Governance information disclosure

5.9 CVSS

Description

IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

Classification

CVE ID: CVE-2024-22330

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.9

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem Types

CWE-521 Weak Password Requirements

Affected Products

Vendor: IBM

Product: Security Verify Governance

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 6.33% (scored less or equal to compared to others)

EPSS Date: 2025-06-07 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-22330
https://www.ibm.com/support/pages/node/7235779

Timeline

2025-06-06 03:40:15 UTC
CVE

IBM Security Verify Governance information disclosure