IBM Security Verify Governance is an identity and access management solution provided by IBM. It is a software system for managing and monitoring user identities, permissions and access. A cross-site scripting vulnerability exists in IBM Security Verify Governance, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI to change the intended functionality, potentially resulting in the disclosure of credentials in a trusted session.