CVE-2021-20508
CVE-2021-20508 affects IBM Security Secret Server up to version 11.0. The vulnerability is an information disclosure caused by detailed error messages returned in the browser, enabling a remote attacker to obtain sensitive data. Remediation: upgrade to the latest release (11.0 or newer) as descri...
CVE-2020-4610
IBM Security Secret Server IBM Security Verify Privilege Manager 10.8.2 could allow a local user to execute code due to improper integrity checks. IBM X-Force ID: 184919...
CVE-2020-4340
IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180...
Security Bulletin: Overly Permissive CORS Policy vulnerability found on IBM Security Secret Server (CVE-2019-4633)
Summary: This security bulletin describes plugging some potential, minor yet significant, information leaks by the IBM Security Secret Server. IBM Security Secret Server has an overly permissive CORS policy for login. Vulnerability Details: CVEID: CVE-2019-4633. DESCRIPTION: IBM Security Secret Serv...
IBM Security Secret Cross-Site Scripting Vulnerability
IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. A cross-site scripting vulnerability exists in IBM Security Secret. The...
CVE-2019-4636
IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013...
CVE-2019-4635
IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to improper input neutralization of special elements. IBM X-Force ID: 170011...
Code injection
IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 170045...