Multiple vulnerabilities identified in IBM Security Verify Privilege Vault previously known as IBM Security Secret Server have been addressed in the release 11.0.
CVEID:CVE-2021-20569
**DESCRIPTION:**IBM Security Verify Privilege could allow an attacker to enumerate usernames due to improper input validation.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199243 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2021-20582
**DESCRIPTION:**IBM Security Verify stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199328 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2021-20508
**DESCRIPTION:**IBM Security Verify could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 2.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199322 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2020-5419
**DESCRIPTION:**VMware RabbitMQ could allow a local authenticated attacker to execute arbitrary code on the system, caused by a Windows-specific binary planting security flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/187523 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
All versions of IBM Security Secret Server prior to 11.0
Upgrade to the latest release available here.
None