Lucene search
IBMD8A810352C441116EC657321394833E66AC01A2916CC12C3B4A2159DC4814C0FHistoryJun 22, 2020 - 10:01 p.m.
Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2020-4413)
2020-06-2222:01:17
www.ibm.com
5
0.003 Low
EPSS
Percentile
65.6%
Summary
A security vulnerability identified on IBM Security Secret Server has been addressed in the release 10.8.
Vulnerability Details
CVEID:CVE-2020-4413
**DESCRIPTION:**IBM Security Secret Server could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179988 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Security Secret Server | All |
Remediation/Fixes
Upgrade IBM Security Secret Server to version 10.8 as per the instructions here.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security secret server | eq | any |
Related
prion
prion
Information disclosure
2020-06-24 14:15:00
cve
cve
CVE-2020-4413
2020-06-24 14:15:12
cvelist
cvelist
CVE-2020-4413
2020-06-22 00:00:00
nvd
nvd
CVE-2020-4413
2020-06-24 14:15:12
0.003 Low
EPSS
Percentile
65.6%
Related for D8A810352C441116EC657321394833E66AC01A2916CC12C3B4A2159DC4814C0F