CVE-2024-22330: IBM Security Verify Governance information disclosure

Published Jun 5, 2025

IBM Security Verify Governance 10.0.2 does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts.

Other sources

IBM Security Verify Governance does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts.

IBM

Affected Software

3 affected components
IBM Security Verify Governance <= ISVG 10.0.2
IBM Security Verify Governance - Identity Manager virtual appliance component <= ISVG 10.0.2
IBM Security Verify Governance = 10.0.2

Remediation

Information

IBM strongly recommends customers update their systems promptly. Customers should update their systems by downloading the following fix pack:

IBM Security Verify Governance 10.0.2: 10.0.2.0-ISS-ISVG-IGVA-FP0005
IBM Security Verify Governance - Identity Manager Virtual Appliance - 10.0.2: 10.0.2.0-ISS-ISVG-IMVA-FP0005

Event History

Jun 5, 2025, 12:00 AM: CVE Published via IBM
Jun 6, 2025, 01:08 AM: CVE Published via MITRE
Jun 6, 2025, 01:08 AM: Data Sourced via MITRE (Remedy, Description, Severity, Weakness)
Jun 6, 2025, 02:15 AM: Data Sourced via NVD (Description, Severity, Weakness, Affected Software)

Frequently Asked Questions

1. What is the severity of CVE-2024-22330?

CVE-2024-22330 has been rated as a medium severity vulnerability due to the potential for unauthorized access to user accounts.

2. How do I fix CVE-2024-22330?

To address CVE-2024-22330, ensure that strong password policies are enabled and enforced for all user accounts in IBM Security Verify Governance 10.0.2.

3. What impact does CVE-2024-22330 have on user accounts?

CVE-2024-22330 allows attackers to more easily compromise user accounts due to the lack of strong password requirements by default.

4. Is CVE-2024-22330 present in versions after 10.0.2 of IBM Security Verify Governance?

CVE-2024-22330 specifically affects IBM Security Verify Governance up to version 10.0.2; later versions may have addressed the issue.

5. Who is affected by CVE-2024-22330?

Organizations using IBM Security Verify Governance 10.0.2 without strong password enforcement are at risk due to CVE-2024-22330.
