IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.
Fixes

Solution

Customers should update their systems by downloading the relevant fix pack: Affected product(s)Version(s)Fix AvailabilityIBM Security Verify Governance 10.0.2   https://www.ibm.com/support/fixcentral/swg/downloadFixes 10.0.2.0-ISS-ISVG-IGVA-FP0006 https://www.ibm.com/support/fixcentral/swg/downloadFixes IBM Security Verify Governance - Identity Manager Software Stack 10.0.2 10.0.2.0-ISS-ISVG-IMSW-FP0006 https://www.ibm.com/support/fixcentral/swg/downloadFixes IBM Security Verify Governance - Identity Manager Virtual Appliance 10.0.2 10.0.2.0-ISS-ISVG-IMVA-FP0006 https://www.ibm.com/support/fixcentral/swg/downloadFixes


Workaround

No workaround given by the vendor.

History

Thu, 28 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 28 Aug 2025 02:30:00 +0000

Type Values Removed Values Added
Description IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.
Title IBM Security Verify Governance Identity Manager information disclosure
First Time appeared Ibm
Ibm security Verify Governance
Weaknesses CWE-209
CPEs cpe:2.3:a:ibm:security_verify_governance:10.0.2:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm security Verify Governance
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-08-28T14:18:52.198Z

Reserved: 2025-04-15T21:16:05.532Z

Link: CVE-2025-36003

cve-icon Vulnrichment

Updated: 2025-08-28T14:18:37.953Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-28T03:15:37.843

Modified: 2025-09-16T16:41:58.040

Link: CVE-2025-36003

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.